Malware will plague mobile devices, says McAfee

Mobile malware will increase in 2006, causing extensive damage to mobile devices, because only a small percentage of mobile users run security software, according to McAfee Inc.’s security research lab.

The McAfee AVERT Labs has warned mobile viruses are growing at a fast clip. Mobile malware has grown nearly 10 times faster then PC malware over a one-year period, the company said.

Mobile viruses are potentially more dangerous than PC viruses because they can spread more quickly, since mobile antivirus is not as widely used as PC antivirus software. According to McAfee, e-mail and Internet users generally don’t see the same potential for attacks on mobile devices as they do on their PCs, which compounds the threat of mobile attacks in 2006.

While McAfee raised “some good points”, one Canadian analyst believes attacks on mobile devices — such as smart phones and PDAs — will remain low in 2006, as it did last year, despite security vendors’ warning that 2005 would be a big year for mobile threats, said Ross Armstrong, senior research analyst at London, Ont.-based Info-Tech Research.

“The fact of the matter is that the number and severity of mobile viruses still remain relatively low, and I think it will remain somewhat low also for 2006,” said Armstrong. He said, however, that as more companies take advantage of mobile technology, they would become greater targets for attacks. It is a good idea, therefore, to put policies in place to secure mobile devices.

This trend is more significant in Canada with its estimated three million field service workers and greater Internet connectivity than its American counterpart, said Armstrong.

Still, the analyst pointed out, security features on mobile devices could not be as robust as desktop PCs and laptops since most smart phones and PDAs have a smaller footprint and limited storage. “VPN access, data encryption, a personal firewall and a full complement of anti-virus and anti-spyware software solutions…cannot fit into smaller devices,” said Armstrong.

Research in Motion (RIM) recently announced a vulnerability on BlackBerry devices, which allows an attacker to use a corrupt TIFF image file that can stop a user’s ability to view e-mail attachments. As of this writing, RIM had developed a solution and was undertaking testing. In the meantime, the company advised administrators to either block TIFF attachments or completely disable the attachment service in BlackBerry Enterprise Server.

McAfee, which recently celebrated the 10th anniversary of its labs, has bad news for PC users too. In addition to mobile malware, McAfee said commercial potentially unwanted programs (PUPs) and phishing attacks through Trojan horse programs will also increase in 2006. Trojans turn infected computers into phishing Web sites and then spam PC users to lure them to the infected machine or site.

In 2005, there was a 40 per cent increase in PUPs, such as spyware and adware, and McAfee expects that growth to continue this year. However, the company noted the crackdown on PUPs by industry groups and federal authorities in 2005 could potentially thwart some of these attacks.

Phishers are also expected to get more creative in the way they craft their attacks, the company said. Phishers will continue to exploit people’s willingness to help others in need, as they did after Hurricane Katrina hit the U.S. Gulf Coast region. They will also more narrowly focus their attacks through spyware programs and password stealers, according to McAfee. The company said it expects to see more password-stealing Web sites and other attacks that attempt to capture a user’s ID and password through a fake sign-in page.

Popular online services, such as eBay Inc., will also come under increased phishing attacks in a bid to steal users’ identity, the company said.

QuickLink 065654