Symantec announces Top 7 Android Monetization Schemes, Two New DeepSight Datafeeds and the Symantec VIP Intelligent Authentication
Symantec Threat Researchers Profile Top 7 Android Monetization Schemes
Experts say only the beginning in terms of quantity and sophistication
TORONTO, ON. – October 11, 2011 – Today from Pepcom Mobile Focus at CTIA Enterprise & Applications, Symantec Corp. (Nasdaq: SYMC) announced the publication of new research titled, “Motivations of Recent Android Malware” (PDF). This whitepaper provides an in-depth analysis of the current monetization schemes behind the growing wave of malware targeting the Android mobile computing platform, and schemes likely to be seen in the future.
The paper’s key finding is that the majority of current efforts to monetize mobile malware have only a low revenue-per-infection ratio, thus limiting the return on investment achieved by attackers. However, this ratio is likely to increase in the future as smartphones gain traction as payment devices. Smartphone usage is growing exponentially, with new mobile device shipments increasing 55 percent in 2010.
Click to Tweet: New Symantec research details monetization schemes & trends behind recent #Android malware http://bit.ly/oy5OMk
The whitepaper offers detailed insight into the top current mobile malware monetization schemes observed by Symantec, including how each scheme works and examples of the malware presently being used to carry them out. These schemes are:
· Premium rate number billing scams
· Spyware
· Search engine poisoning
· Pay-per-click scams
· Pay-per-install schemes
· Adware
- mTAN stealing
In addition, the whitepaper describes potential revenue generating schemes likely to be seen in the near future that are capable of increasing cybercriminals’ return on investment. These include stealing and subsequently selling sensitive financial information – such as banking credentials; selling stolen International Mobile Equipment Identity (IMEI) numbers for use on previously blocked or counterfeit phones; and peddling fake mobile security products, a tactic that has been highly successful in the PC realm.
The research also highlights the three factors needed for mobile malware to reach the levels of sophistication and breadth seen with threats targeting PCs. These factors are an open platform, a ubiquitous platform and sufficient attacker motivation
Noted is the rise in prominence of the Android platform, which has largely fulfilled the first two conditions, and we’re seeing the beginning of the third. The research suggests that attackers will no doubt continue to invest in the creation of Android malware as monetization schemes evolve.
Quote:
“Mobile technology is advancing at a rapid pace and cybercriminals are keeping close tabs on these developments,” said Eric Chien, Technical Director, Symantec Security Technology and Response. “The marked increase in mobile malware – particularly that targeting the Android platform –is likely only the beginning in terms of both the quantity of threats and their sophistication.”
Protecting Consumers
To address the potential of Android malware, Norton recently announced several offerings under its Norton Everywhere initiative that go beyond Internet security and give consumers the power to protect themselves and their families across multiple devices and platforms.
· Norton Mobile Security Lite is a free download from the Android Market which seamlessly combines select anti-theft features with powerful antimalware, giving users a sense of security in the event their phone is ever lost, stolen or compromised by malware.
· Norton Tablet Security is a new offering designed specifically for Android tablets to protect devices, privacy and important data against loss, theft, viruses and other threats. It includes web-based antitheft functions like Report Lost, Lock, Locate and Sneak Peek in addition to Antimalware and antiphishing protection.
Protecting Enterprises
Enterprises may also find themselves at risk due to mobile malware; this threat is compounded by the growing consumerization of IT trend and its accompanying management challenges. Symantec offers a full line of mobile security and management solutions to help organizations enable scalable, secure and integrated mobility.
· Symantec Mobile Management 7.1 is a scalable MDM platform that enables enterprise-wide mobile email and application rollouts, safeguards mobile data and devices and provides comprehensive visibility and control of the mobile environment.
· Symantec Endpoint Protection Mobile Edition 6.0 offers comprehensive protection against malicious threats with award-winning antivirus technology, an advanced firewall and SMS Antispam features.
· Symantec Encryption Solutions Symantec Encryption Solutions protect confidential information on hard disks, in e-mail communication and on mobile devices, and are centrally managed through a single console to automatically enforce security policies.
· Symantec Validation and Identity Protection (VIP) provides two-factor authentication to verify users’ identity when logging into online accounts. The VIP Access for Mobile credential can be downloaded onto more than 800 different mobile phone models and provides out-of-band authentication across more than 700 websites.
Related
· Blog Post: New Symantec Research: The Motivations of Recent Android Malware
- Podcast: Mobile Security & Management: A Holistic Approach
- Norton Tablet Security
- Norton Mobile Security Lite
- Symantec Mobile Management 7.1
- Symantec Endpoint Protection Mobile Edition 6.0
- Symantec Encryption Solutions
- Symantec Validation and Identity Protection (VIP)
- Norton Everywhere
- Expert Biography: Eric Chien
Connect with Symantec
- Follow Symantec ThreatIntel on Twitter
- Follow Symantec on Twitter
- Join Symantec on Facebook
- Join Norton on Facebook
- Read Industry Trends on Delicious
- View Symantec’s SlideShare Channel
- Subscribe to Symantec News RSS Feed
- Visit Symantec Connect Business Community
About Security Technology and Response
The Security Technology and Response (STAR) organization, which includes Security Response, is a worldwide team of security engineers, threat analysts and researchers that provides the underlying functionality, content and support for all Symantec corporate and consumer security products. With Response centers located throughout the world, STAR monitors malicious code reports from more than 130 million systems across the Internet, receives data from 240,000 network sensors in more than 200 countries and tracks more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors. The team uses this vast intelligence to develop and deliver the world’s most comprehensive security protection.
About Symantec
Symantec’s Canadian operations are headquartered in Toronto with offices in Montreal, Ottawa, Calgary and Vancouver. For more information on Symantec products or current promotions, access Symantec’s Canadian Web site at www.symantec.ca. Symantec is an active member of the Business Software Alliance (BSA).
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
###
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Forward-looking Statements: Any forward-looking indication of plans for products or programs is preliminary and all future release or delivery dates are tentative and are subject to change. Any future program plans, or release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making program participation or product purchasing decisions.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Technorati Tags
Symantec, cybercrime, malicious code, hackers, Internet security, mobile security, mobile malware, Android
New Symantec DeepSight Reputation DataFeeds Identify Attack Actors, Malicious Activity Sources in Real-Time
TORONTO, ON. – October 11, 2011 – Symantec Corp. (Nasdaq: SYMC) today announced two new DeepSight datafeeds – Symantec DeepSight IP Reputation DataFeed and Symantec DeepSight URL Reputation DataFeed, which provide critical intelligence about known attack actors in a format that enterprises can use to automatically trigger systems for active protection or incident management.
Both new datafeeds are Web services, which provide enterprise applications with up-to-date and actionable intelligence about malicious activity on the Internet, such as malware distribution and botnet command and control. These datafeeds are derived from observed activity on the Internet over a 24 hour period, and can be automatically integrated into a wide variety of enterprise security and incident management systems to reduce exposure to emerging threats.
Click to Tweet: Symantec DeepSight Reputation DataFeeds help enterprises ID bad guys in real time http://bit.ly/nfP92y
Cyber threats are more frequent and sophisticated than ever before, and capable of doing great damage to critical systems and information. For enterprise security teams, it is a challenge to keep pace with the changing threat landscape. Sixty-eight percent of enterprises surveyed in the upcoming 2011 Threat Management Survey identified the lack of threat intelligence as one of their top two concerns.
Derived From the Symantec Global Intelligence Network
By performing deep proprietary analysis of billions of events from the Symantec Global Intelligence Network, DeepSight Reputation DataFeeds identify the 100,000 most malicious IP addresses and thousands of malicious URLs during a 24-hour period. Malicious activity is categorized by the type of behavior observed by sensors in the Global Intelligence Network. A hostility score is calculated based on the frequency of activity and a confidence rating is assigned based on the number and types of sensors detecting the activity. The XML formatted datafeeds allow enterprise security teams to easily integrate this intelligence into their security applications and tune their responses based on their organization’s risk profile.
“Our new DeepSight Reputation DataFeeds are designed to deliver critical intelligence to help our customers get ahead of new threats,” said Samir Kapuria, senior director, Symantec Security Intelligence Group. “Combining Symantec’s real-time global security intelligence with our customer’s internal visibility enables them to be more focused and prevent attacks before critical systems and information have been compromised.”
Tapping Into DeepSight Intelligence
Symantec DeepSight Intelligence includes DeepSight Early Warning Services, DeepSight DataFeeds as well as the direct integration of DeepSight intelligence into a range of Symantec solutions. DeepSight Early Warning Services deliver tailored information, analysis and mitigation strategies to address known and emerging threats and vulnerabilities, accessible through the DeepSight Services Portal. DeepSight DataFeeds deliver actionable intelligence in formats which are easily integrated into a wide variety of enterprise security systems.
Many Symantec solutions directly integrate DeepSight intelligence to deliver more proactive and effective security, including Symantec Managed Security Services and Symantec Protection Center. The new Symantec VIP Intelligent Authentication solution integrates the Symantec DeepSight IP Reputation DataFeed to identify high-risk login attempts from suspected malicious sources, and invokes additional out-of-band authentication methods such as an SMS text message, phone call or e-mail to mitigate this risk.
Comprehensive Threat and Vulnerability Intelligence
Symantec has established some of the most comprehensive sources of Internet threat data in the world. The Global Intelligence Network encompasses worldwide security intelligence data gathered from a wide range of sources, including more than 240,000 sensors monitoring networks in over 200 countries through over 133,000 Symantec products and services, an estimated 8 billion emails per day, and from additional third-party sources. In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 40,000 recorded vulnerabilities affecting more than 105,000 technologies from over 14,000 vendors.
Availability
The Symantec DeepSight IP Reputation DataFeed is available now. For more information, please visit: http://bit.ly/noMURB. The Symantec DeepSight URL Reputation DataFeed is expected to be available later this year.
About Symantec
Symantec’s Canadian operations are headquartered in Toronto with offices in Montreal, Ottawa, Calgary and Vancouver. For more information on Symantec products or current promotions, access Symantec’s Canadian Web site at www.symantec.ca. Symantec is an active member of the Business Software Alliance (BSA).
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
###
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Forward-looking Statements: Any forward-looking indication of plans for products or programs is preliminary and all future release or delivery dates are tentative and are subject to change. Any future program plans, or release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making program participation or product purchasing decisions.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Technorati Tags
Symantec, cybercrime, malicious code, hackers, Internet security, mobile security, mobile malware, Android
Symantec Introduces Intelligent Authentication to Combat Evolving Threats
TORONTO, ON. – October 11, 2011 – Symantec Corp. (Nasdaq: SYMC) today announced Symantec VIP Intelligent Authentication, a powerful addition to its cloud-based user authentication service, Symantec VIP. Dedicated to protecting an organization’s network and applications against unauthorized access, Symantec VIP Intelligent Authentication enables strong authentication that is both effective and unobtrusive for the end user.
Symantec VIP Intelligent Authentication employs advanced security technologies including: system fingerprinting, user behavior monitoring and geolocation access monitoring. In addition, Symantec VIP Intelligent Authentication leverages Symantec DeepSight intelligence, which has some of the most extensive data on IP address reputation and URL reputation, in order to thwart potentially malicious activity by denying access.
Click to Tweet: Symantec VIP Intelligent Authentication adds powerful risk based authentication to VIP http://bit.ly/nTPJ85
“As more organizations push to online` and mobile channels to deliver services to their end users, the need for simple, yet strong authentication solutions will continue to grow as a password only approach is simply not secure,” said Fran Rosch, vice president, Trust Services and Identity Protection, Symantec. “The new VIP Intelligent Authentication gives organizations one of the most advanced authentication solutions in the market that is delivered as a cost effective cloud-based service and provides end users with a seamless authentication experience.”
Superior Protection from Emerging Threats
Attackers are constantly changing tactics by leveraging malware and social engineering efforts to steal password credentials and hopping between compromised hosts to launch attacks, thus organizations must stay ahead of these emerging threats.
Symantec VIP Intelligent Authentication offers a unique suite of tools providing among the best possible protection for customers. Using DeepSight intelligence derived from the Symantec Global Intelligence Network, VIP Intelligent Authentication can quickly identify and prevent potentially damaging login attempts from IP addresses associated with known attack actors. VIP Intelligent Authentication can also strengthen the authentication process by leveraging devices already equipped with Symantec Endpoint Protection, Norton, or Intel Identity Protection Technology (IPT) to better prevent logins from unknown or risky endpoints.
Further demonstrating its dedication to the security and management of mobile devices, Symantec VIP Intelligent Authentication extends strong authentication to web-based applications accessed from these devices. With the influx of mobile devices across the globe, organizations can now provide secure multi-factor authentication using VIP Intelligent Authentication.
Convenient, Strong Authentication
While most organizations are aware that simple usernames and passwords no longer provide adequate resilience against today’s sophisticated attacks, they’re also concerned that an onerous technology may hurt adoption and usage. Symantec VIP Intelligent Authentication solves this problem, providing strong, multi-factor authentication without changing the login experience for users. All the strong authentication—such as device verification, behavior analysis, reputation and geo location analysis—happens seamlessly. Only if a login is deemed suspicious, is the user challenged to provide more information such as a onetime password that is sent over email or SMS.
A Comprehensive Solution
As part of the Symantec Validation and ID Protection Service (VIP), VIP Intelligent Authentication validates Symantec’s promise to deliver a comprehensive, flexible, and robust set of authentication solutions. With Symantec VIP, organizations can deploy not only risk-based authentication, but also hardware or software one-time password (OTP) tokens, mobile OTP tokens, and SMS or voice-enabled OTP authentication—all from a single, unified authentication solution. Strong authentication, coupled with Symantec’s Encryption and Data Loss Prevention products, not only enhances the VIP portfolio but provides a firm foundation for an information-centric approach to protecting an organizations’ data from unwanted viewers.
Availability
Symantec VIP Intelligent Authentication is available now and included with Symantec VIP at no additional incremental cost. Symantec VIP is delivered as a cloud-based service and licensed on an annual per-user subscription basis. For more information, please visit: http://symantec.com/business/verisign/vip-authentication-service.
Additional Resources
Connect with Symantec
· Subscribe to Symantec News RSS Feed
· View Symantec’s Slideshare Channel
· Visit Symantec Connect Business Community
About Symantec
Symantec’s Canadian operations are headquartered in Toronto with offices in Montreal, Ottawa, Calgary and Vancouver. For more information on Symantec products or current promotions, access Symantec’s Canadian Web site at www.symantec.ca. Symantec is an active member of the Business Software Alliance (BSA).
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
###
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Forward-looking Statements: Any forward-looking indication of plans for products or programs is preliminary and all future release or delivery dates are tentative and are subject to change. Any future program plans, or release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making program participation or product purchasing decisions.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.