30.05.2013

Internet Security Threat Report Government 2013


p. 87

Symantec Corporation

Internet Security Threat Report 2013 :: Volume 18

THREAT ACTIVITY TRENDS

The following are specific definitions of each subcategory:

• Collects Device Data gathers information that is specific to the functionality of the device, such as IMEI, IMSI, operating system, and phone configuration data.

• Spies on User intentionally gathers information from the device to monitor a user, such as phone logs and SMS messages, and sends them to a remote source.

• Sends Premium SMS sends SMS messages to premium-rate numbers that are charged to the user’s mobile account.

• Downloader can download other risks on to the compromised device.

• Back door opens a back door on the compromised device, allowing attackers to perform arbitrary actions.

• Tracks Location gathers GPS information from the device specifically to track the user’s location.

• Modifies Settings changes configuration settings on the compromised device.

• Spam sends spam email messages from the compromised device.

• Steals Media sends media, such as pictures, to a remote source.

• Elevates Privileges attempts to gain privileges beyond those laid out when installing the app bundled with the risk.

• Banking Trojan monitors the device for banking transactions, gathering the sensitive details for further malicious actions.

• SEO Poisoning periodically sends the phone’s browser to predetermined URLs in order to boost search rankings.

• Adware/Annoyance contains mobile adware that uses techniques to place advertising in the device’s photo albums and calendar entries, and may push messages to the notification bar. It may even replace the default ringtone with an ad.

Apps with malicious intentions can present serious risks to users of mobile devices. These metrics show the different functions that these bad mobile apps performed during the year. The data was compiled by analyzing the key functionality of malicious mobile apps. Symantec has identified five primary mobile risk types:

• Collect Data. Most common among bad mobile apps was the collection of data from the compromised device. This was typically done with the intent to carry out further malicious activities, in much the way an information-stealing Trojan might. This includes both device- and user-specific data, ranging from configuration data to banking details. This information can be used in a number of ways, but for the most part, it is fairly innocuous, with IMEI[7] and IMSI[8] numbers taken by attackers as a way to uniquely identify a device. More concerning is data gathered about the device software, such as operating system (OS) version or applications installed, to carry out further attacks (say, by exploiting a software vulnerability). Rarer, but of greatest concern, is when user-specific data, such as banking details, is gathered in an attempt to make unauthorized transactions. While this category covers a broad range of data, the distinction between device and user data is given in more detail in the subcategories below.

• Track User. The next most common purpose was to track a user’s personal behavior and actions. These risks take data specifically to spy on the individual using the phone. This is done by gathering up various communication data, such as SMS messages and phone call logs, and sending them to another computer or device. In some instances they may even record phone calls. In other cases these risks track GPS coordinates, essentially keeping tabs on the location of the device (and its user) at any given time. Gathering pictures taken with the phone also falls into this category.

• Send Content. The third-largest group of risks is bad apps that send out content. These risks are different from the first two categories because their direct intent is to make money for the attacker. Most of these risks will send a text message to a premium SMS number, ultimately appearing on the mobile bill of the device’s owner. Also within this category are risks that can be used as email spam relays, controlled by the attackers and sending unwanted emails from addresses registered to the device. One threat in this category constantly sent HTTP requests in the hopes of bumping certain pages within search rankings.

• Traditional Threats. The fourth group contains more traditional threats, such as back doors and downloaders. Attackers often port these types of risks from PCs to mobile devices.

• Change Settings. Finally, there are a small number of risks that focus on making configuration changes. These types attempt to elevate privileges or simply modify various settings within the operating system. The goal for this final group seems to be to perform further actions on the compromised devices.
