Showing posts with label vulnerabilities. Show all posts

Tuesday, 16 July 2013

92% of Android Application Found Under Malicious Attacks

Smartphones and mobile malware are in cutthroat competition, but the figures from the last year show that mobile malware is ahead of smartphone makers. The third annual Mobile Threat report shows that from March 2012 to March 2013, mobile malware shot up by 614%, reaching 276259 malicious apps in the mobile market, which shows a 155% increase in malicious apps. The Juniper report is grounded on an analysis of more than 1.85 million mobile apps and vulnerabilities across different mobile operating systems (OS).
As OS usage increases, cybercriminals are becoming more active. They target operating systems instead of cracking individual systems. The report also revealed that Android is the most infected OS, carrying 92% of all threats found.
According to the Canalys 2013 report, Android dominates with a 59.5% market share in mobile apps, where Apple was in second position with 19.3% and Microsoft holds an 18.1% market share.


The reason mobile malware prevails on the Android platform is that users are not running an updated Android version. A report says that only 4% of users were using an updated Android version. Most users run Gingerbread and Ice Cream Sandwich, so they lack new security updates from Google. That does not mean that other operating systems like Apple iOS are not vulnerable.



The majority of malware targets SMS, with messages sent out to unknown numbers set up by cybercriminals. The report said:

  • SMS Trojans accounted for 48% of malware attacks.
  • 29% of malware spread through fake installations.
  • 19% of malware was Trojan Spy malware.

Major apps infected by cybercriminals are Google Play, Skype, Adobe Flash, Angry Birds, and Bad Pigs.
To minimize the risk of OS malware, users should run the latest OS version, never install apps from third parties, and not keep personal information on their devices.
The Juniper report focuses on four indicators: an increase in malware targets, an increase in third-party downloads, holes in mobile payments, and fragmentation.

  • In 2010, the count for Android malware was around 24%
  • In 2011, the Android malware figure rose to 47%
  • In 2013, the Android malware figure grew to 92%
  • More than 500 third party Android app stores carry mobile malware.
  • Three out of five third party stores are from China and Russia.
  • Less sophisticated mobile criminals focus on mobile payments via SMS Trojans and fake installers. According to the report, they earn $10 on each download.
  • 77% of Android malware came from SMS threat.

The Canalys report said that 1 billion Android smartphones are expected to ship in 2017. The reason Android malware prevails is its open, friendly ecosystem for apps and developers. Google has a lot of work to do to draw people to its Android version and free them from mobile malware. Google needs enhanced protection for mobile users, and organizations, OEMs and software vendors must work in a focused way to lessen mobile threats and vulnerabilities.

About The Author

Abel Wike lives in Delaware, USA. Head of the fraud prevention division, she has four years' experience in online security activities at ClickSSL.com. She recommends using GeoTrust Anti Malware Scan to keep a website malware-free.


Monday, 24 June 2013

Common Ajax Security Vulnerabilities and How to Resolve Them



Ajax, or Asynchronous JavaScript + XML, to use its full, unabbreviated name, is a collection of web technologies that web designers and developers use in order to create applications for websites. Many mistake ajax for being a technology in itself, rather than a collection of technology platforms. Ajax is easy to implement and has a range of possibilities, which makes it one of the most popular solutions for anyone involved with web development and design. Using ajax applications also helps to boost the user experience of a site and increase website speed, which are both increasingly important factors for SEO and delivering online business growth.
However, as with all applications, ajax ones are vulnerable to attack; using ajax on your website won’t make you any more or less susceptible to cybercrime or malware attacks, for example.
The key to protecting yourself and your ajax applications from attack is to be aware of the vulnerabilities, and to take action to prevent such attacks from occurring.
What are the most common attacks and what preventative measures can you take?

Browser-based Attacks

This happens when a cybercriminal or hacker is able to get into the JavaScript of a website and run code of their own. A browser-based attack might take many forms, such as planting a virus on the system of anyone who accesses the site, or redirecting pages of the website, usually the homepage, elsewhere.
The worst browser-based ajax attacks are designed to prevent malware from being accessed, meaning anyone falling victim to this has the double-whammy of not being able to do anything about their problem.
The easiest way to prevent this particular problem is to stop using JavaScript, but in doing so you’ll be removing the potential for thousands of applications to run on your site. Instead, ensure firewalls and any software you use for your website are kept up to date, as these will feature the latest fixes and other security updates.

Cross-site Scripting (XSS)

XSS is an example of injecting malicious code into your site, which is then passed onto browsers without them realizing. Criminals and hackers might use XSS for various instances of cyber-fraud, including identity and data theft, the stealing of other confidential information, including company financial records, spying on users’ internet use, and more. This is clearly something that all website owners want to avoid hitting their website, as it has the potential to ruin their reputation as well as cost them a lot of money. Twitter was famously hit by an XSS attack in 2010.
There are several steps ajax developers can take to reduce the risk of XSS affecting them, including:

  •  Not using backslash encoding
  •  Using JavaScript hex and Unicode
  •  Using JSON.parse or json2.js libraries to parse JSON
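
The three steps above, shown as an added example that is not part of the original post: a backslash-only escaper leaves a closing script tag intact, a hex/Unicode escaper does not, and JSON.parse treats an Ajax response as data only. The function names and sample inputs are constructed for illustration.

```javascript
// Weak: backslash-escape only quotes and backslashes. The HTML parser runs
// before the JavaScript parser, so "</script>" still ends the script block.
function backslashEscape(s) {
  return s.replace(/[\\'"]/g, (c) => "\\" + c);
}

// Stronger: encode every character outside [A-Za-z0-9] as \xHH or \uHHHH,
// so no quote, angle bracket or slash reaches the page literally.
function jsHexEscape(s) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    const code = s.charCodeAt(i); // UTF-16 code unit
    if (/[A-Za-z0-9]/.test(ch)) {
      out += ch;
    } else if (code < 256) {
      out += "\\x" + code.toString(16).padStart(2, "0");
    } else {
      out += "\\u" + code.toString(16).padStart(4, "0");
    }
  }
  return out;
}

// Parse an Ajax response body with JSON.parse rather than eval().
// Anything that is not strict JSON throws instead of being executed.
function parseAjaxResponse(text) {
  try {
    return { ok: true, data: JSON.parse(text) };
  } catch (e) {
    return { ok: false, data: null };
  }
}

// Constructed sample: a user-supplied display name carrying markup.
const untrustedName = '"></script><b>injected</b>';
const weak = backslashEscape(untrustedName);
const strong = jsHexEscape(untrustedName);

console.log("backslash:", weak);   // still contains </script>
console.log("hex/unicode:", strong);
console.log(parseAjaxResponse('{"user":"bob"}'));   // parsed as data
console.log(parseAjaxResponse('({"user":"bob"})')); // rejected, not evaluated
```

The escaped value is meant for a quoted JavaScript string literal inside a page; other output contexts (HTML body, attributes, URLs) need their own encoding.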


Ajax Bridging

Ajax bridging is not a problem in itself, but there are vulnerabilities that can have catastrophic consequences if not protected against. The problem comes with websites that host third-party applications on their own website, hence ‘ajax bridging’ from one site to another.
Attacks, including XSS, can pass through these applications, meaning if you’re hosting an application that links to a site that has been attacked, you may be attacked, too. Hackers and criminals who target specific sites often use this method if they have been unable to exploit any other vulnerability, either within ajax or any other types of applications.
While the obvious solution might appear to be to avoid ajax bridging, it may be the case that it is a necessary feature of your website. With that in mind, ensure you audit any third party website that can access your own, and take steps to assure yourself their security features heavily minimize the likelihood of attack. Use scanning software, too, and ensure you can trust any website before you allow them to access your data or browsers.

Dealing with Ajax Vulnerabilities

The biggest thing to remember with ajax vulnerabilities is that they don’t present anything unique in terms of cyber-security, so can all be dealt with relatively easily. However, as with things such as SEO, it has to be stressed that dealing with ajax issues isn’t something that you merely do once; it is an on-going process that should be a central part of your web auditing and development. Having it on your agenda will ensure that, as your website grows, you’re always able to deal with any potential issues before they have the opportunity to occur.


About The Author:
Robert McKinley is an online technology expert who specializes in security, specifically with regards to online applications, VPS hosting and other web hosting solutions, third-party plug-ins, and online data protection.