While Android ransomware debuts, year-old MSOffice malware resurfaces in Q2 2014

Cyberoam releases co-branded CYREN Internet threats trend report for the second quarter of 2014.

Ahmedabad, September 05, 2014

Android malware undoubtedly reigned in the second quarter this year. Not only was the first Android ransomware reported, but several variants of Android malware were seen dominating the threat landscape last quarter. Cyberoam, in collaboration with its partner CYREN, brings you a detailed Internet threats trend report with some recent web malware and spam trends of the second quarter (April-June) of 2014.

Debut of the first type of Android ransomware

Q2 2014 saw the first type of Android ransomware, which locks valuable user files, such as photos and documents, using strong encryption. The first version of Android ransomware appeared in May, but lacked a true encryption threat. In that first instance, the malware takes over the phone and displays a message demanding a fine to use the device again. The real thing appeared a month later, when files on the device’s secure digital (SD) card were actually encrypted, with the malware blocking phone use by displaying a similar message and demanding a fee to decrypt the blocked files.

In terms of other aspects of Android malware, CYREN experts found that 72% of all Android malware were SMS Trojans. The remaining 28% breaks down as follows: 14% adware, 7% other (such as banking or fake antivirus), 4% spyware/monitor, and 3% backdoor.

MSOffice malware utilising CVE-2010-3333 vulnerability resurfaces

Persistence is a certain trait among malware criminals. Among the latest malware detected affecting PCs is malware distributed via the PDF’s built-in scripting capabilities. Although Microsoft has patched the vulnerability, malware targeting CVE-2010-3333 continues to return.

‘Trust among Thieves’

The report includes a brief of the in-depth research in the paper ‘Trust Among Thieves’, presented at the recent 9th Annual ACM Symposium on Information, Computer and Communications Security in June 2014. The paper discusses in-depth research into the relationship between three key contributors to the spam process: the harvester, who creeps around the Web collecting valid email addresses; the botmaster, who controls the Internet-connected programs that distribute the spam; and the spammer, the communicator who develops emails that both evade anti-spam filters and entice the reader.

Other report highlights include “pump-and-dump” stock spam, which accounted for 17% of all spam emails this quarter, and Spain and Argentina continuing to lead as spam-producing countries. For the first time in four years, India lost the top “zombie country” spot, conceding the crown to the Russian Federation. In addition, the report covers Global Banking and World Cup Criminals, Key Spammer Relationships, Quarterly Spam Levels, Monthly Spam Level fluctuations, 2nd Quarter Spam Topic Trends and more.

To read and download the complete report, click here.

About Cyberoam Technologies Private Limited

Cyberoam Technologies, a Sophos Company, is a global Network Security appliances provider, offering future-ready security solutions to physical and virtual networks in organizations with its Next-Generation Firewalls (NGFWs) and Unified Threat Management (UTM) appliances. The virtual and hardware Cyberoam Central Console appliances offer Centralized Security Management options to organizations, while Cyberoam iView allows intelligent logging and reporting with one-of-their-kind, in-depth reports. Cyberoam is accredited with prestigious global standards and certifications like EAL4+, CheckMark UTM Level 5 Certification, ICSA Labs, IPv6 Gold logo, and is a member of the Virtual Private Network Consortium. For more information, please visit www.cyberoam.com


CYREN is a leading provider of cloud-based security solutions that deliver powerful protection through global data intelligence. Regardless of the device or its location, CYREN’s easily deployed web, email, and anti-malware products deliver uncompromising protection in both embedded and Security as a Service (SecaaS) deployments. Organizations rely on CYREN’s cloud-based threat detection and proactive security analytics to provide up-to-date spam classifications, URL categorization and malware detection services. The CYREN GlobalView™ Cloud Platform leverages Recurrent Pattern Detection™ technologies to protect more than 550 million users in 190 countries. CYREN is traded on the NASDAQ Capital Market and the Tel Aviv Stock Exchange (TASE) under the trading symbol “CYRN.” Visit the CYREN GlobalView Security Center or go to www.CYREN.com