By David Goldman
NEW YORK (CNNMoney) – The bad guys are winning the war on cybercrime: Computer viruses, trojans and web attacks are soaring at their fastest pace in four years.
In its quarterly “Threats Report,” Intel subsidiary McAfee said that it had found more than 8 million new kinds of malware in the second quarter, up 23% from the first quarter. There are now more than 90 million unique strands of malware in the wild, the security company said.
Microsoft Windows PCs remain by far the largest targets for malicious cyberattacks, but hackers are targeting other devices too, including Apple Macintosh computers and mobile phones.
“Attacks that we’ve traditionally seen on PCs are now making their way to other devices,” said Vincent Weafer, head of McAfee Labs. “This report highlights the need for protection on all devices that may be used to access the Internet.”
Apple got a wake-up call in the second quarter. The company had advertised that Macs didn’t get viruses, but a virus called “Flashback” changed all that. The scary piece of malware, which infected hundreds of thousands of Macintosh computers, looked like a normal Adobe Flash browser plug-in but stole thousands of usernames and passwords.
As Macintosh grows its PC market share — it is now the third-largest computer platform in the United States — hackers have increasingly targeted Apple computers. This summer, the company scaled back its security claims.
Google is also a growing recipient of attacks. The company’s mobile Android software is the target of virtually all new mobile malware — viruses that are soaring in number. So far, McAfee has found about 13,000 different kinds of mobile malware this year, compared to fewer than 2,000 in 2011.
“Android malware shows no signs of slowing down, putting users on high alert,” the company said.
New kinds of attacks include sending spam text messages, commandeering a phone for use in massive botnets, holding a phone hostage in exchange for ransom, and attacking a phone in a “mobile drive-by.”
“Ransomware” — a popular tool for cybercriminals a decade ago — is fashionable again on smartphones. After a user inadvertently downloads a piece of ransomware, the virus take control of the user’s device and data, relinquishing it only if the user pays money to the attacker.
After years of ransomware dormancy, the attack method has grown rapidly in recent months. The second quarter was the biggest ever for new kinds of ransomware.
“Drive-by” downloads are another old form of PC attack that has been recently repurposed for smartphones. They’re called “drive-by” because attackers break into websites and infect all users who visit them. McAfee said it found its first instances of mobile drive-by downloads in the second quarter — attackers dropping malware on your phone when you visit an infected site.
“A victim still needs to install the downloaded malware, but when an attacker names the file ‘Android System Update 4.0.apk,’ most suspicions vanish,” the report said.
Even Twitter has become a tool for attacks from botnets — large collectives of infected PCs and phones that do the bidding of the attacker. Instead of connecting to all the infected devices via a Web server, cybercriminals are increasingly building viruses that are trained to search for commands from specific Twitter accounts. Using Twitter means attackers no longer have to buy an expensive Web server or go through the trouble of stealing one.