Digitally signed malware samples tripled in 2013, says McAfee Labs

The number of digitally signed malware samples tripled to more than 8 million suspicious binaries in 2013, driven largely by the abuse of automated Content Distribution Networks (CDNs) that wrap malicious binaries within digitally signed, otherwise legitimate installers, said McAfee Labs.

In the fourth quarter, McAfee Labs found more than 2.3 million new malicious signed applications, a 52 percent increase from the previous quarter. The practice of code signing software validates the identity of the developer who produced the code and ensures the code has not been tampered with since the issue of its digital certificate.

Though the number of signed malware samples includes stolen, purchased, or abused certificates, the vast majority of growth is due to dubious CDNs. These are websites and companies that allow developers to upload their programs, or a URL that links to an external application, and wrap it in a signed installer.

McAfee ScanAlert

McAfee Labs team warns that the growing number of maliciously signed files could create confusion among users and administrators, and even call into question the continued viability of the CA model for code signing.

McAfee Labs believes this accelerating trend could pose a significant threat to the long-established certificate authority (CA) model for authenticating “safe” software.

The POS malware used in the attacks were relatively unsophisticated technologies likely purchased “off the shelf” from the Cybercrime-as-a-Service community, and customized specifically for these attacks, said McAfee Labs Threats Report: Fourth Quarter 2013.

Attempted sale of stolen credit card numbers and personal information has been compromised in the Q4 retail breaches. The researchers found the thieves offering for sale some of the 40 million credit card numbers reported stolen in batches of between 1 million and 4 million at a time.

McAfee Labs collected 2.47 million new mobile samples in 2013, with 744,000 in the fourth quarter alone. Our mobile malware zoo of unique samples grew by an astounding 197 percent from the end of 2012.

The volume of new ransomware samples rose by 1 million new samples for the year, doubling in number from Q4 2012 to Q4 2013.

McAfee Labs recorded a 70 percent increase in the number of suspect URLs in 2013.

In 2013, McAfee Labs found 200 new malware samples every minute, or more than three new threats every second.

McAfee Labs found 2.2 million new MBR-attacks in 2013.

[email protected]