If I had to pick just two major malware stories for Q2 2012, I would have to go with the Flashback Trojan and the Android threat explosion. New information shows just how serious the former was (Apple has largely fixed the issue) and how serious the latter still is (Google seems to be fighting a losing battle).
Kindsight recently released its 12-page Malware Report for the last quarter (PDF). Here are the top three Q2 2012 highlights:
The Mac Flashback infection led the top 20 lists for four weeks in a row, infecting 10 percent of home networks with Mac computers during the month of April.
14 percent of home networks were infected with malware in Q2 2012, up from 13 percent in the previous quarter. 0.7 percent of all devices on mobile networks were infected, including Android phones and laptops connected to the mobile network (this is a significant number since the total device count includes a large number of feature phones that are not targets for malware).
Android malware samples increased by 300 percent over the past three months.
The Android malware situation isn't too surprising, but the Flashback number should raise some eyebrows. Here's the corresponding part from the report:
For the first time ever, malware targeting the Macintosh platform was in the number one position on the Kindsight Security Labs home network infections list. Our detection statistics for the month of April show that 1.1% of homes were infected with this malware. Based on a Mac market share this translates into about 10% of homes with Mac computers being infected with this malware during the month of April. Security researchers at Symantec have discovered that in addition to stealing passwords, Flashback is also being used for ad-click fraud.
In other words, the security firm is specifically looking at home networks and Mac market share to extrapolate a more accurate number. Nevertheless, I find the 10 percent statistic a little hard to believe.
Kindsight also commented on the P2P ZeroAccess botnet, which changed its C&C protocol and grew to over 1.2 million computers globally. The result is ad-click fraud that can consume the equivalent bandwidth of downloading as many as 45 full-length movies per month per subscriber.
"In recent months, we've seen the ZeroAccess botnet update its command and control protocol and grow to infect more computers while connecting to over one million computers globally," Kevin McNamee, Kindsight Security Labs security architect and director, said in a statement. "The concern with ZeroAccess is that it is using the subscriber's bandwidth maliciously which will cost them money as they exceed bandwidth caps. And, once the computer is compromised, it can also spread additional malware or launch new attacks."