Apple, Inc. (AAPL) may be losing the smart phone sales race to Google Inc. (GOOG), but it’s winning one important front in the war, at least — malware.
I. Apple is the Winner When it Comes to Smart Phone Security
While many Apple hackers have suggested the iPhone to be quite hackable, and even exposed some major security flaws [1][2] (subsequently patched), thus far there are no known pieces of malware in the wild which target users of stock iPhones. There are only four known pieces of malware, according to Intel Corp. (INTC) unit McAfee, all of which exclusively target jailbroken iPhones [1][2].
Meanwhile, Android has seen malware rise by 76 percent over the last year. There’s now 44 known pieces of malware that target standard versions of Android. Recently the first Android botnets have appeared prompting U.S. carrier AT&T, Inc. (T) to roll out free protection to its subscribers. Botnets are networks of infected computers typically used to send spam or execute distributed denial of service attacks.
Other common pieces of malware include what McAfee calls “crimeware”, malware which disguises itself as seemingly legitimate apps — often repackaged versions of best-selling apps. The apps often contain code to send premium-rate text messages. Recent reports have put the infection rates for this kind of malware at as high as 260,000 phones earlier this year.
Similar attacks have targeted Finnish phonemaker Nokia Oyj.’s (HEL:NOK1V) Symbian platform and Research in Motion’s (TSE:RIM) Blackberry’s, though McAffee says the number of those malicious apps are smaller.
McAfee claims the second most infected platform is the multi-device Java ME platform, acquired and maintained by Oracle Corp. (ORCL) after its acquisition of Sun Microsystems.
The reason for Apple’s superior security is the topic of much heated debate. While Android’s sales volume may make it the most tempting target, the iPhone is still posting a large sales, so you would expect it also to be targeted by criminals.
Possible factors affecting Apple’s security include its stricter monitoring of its app store. While Apple has been much-criticized for being too heavy-handed, Google’s laissez-faire approach has lead the OS-maker to struggle to maintain a secure marketplace. Another possible factor includes the fact that Google still sells many handsets with outdated version of Android, like Android 1.5 or 2.1 — versions which may be more vulnerable to exploitation.
The full McAfee report can be found here, on Scribd.
II. (MacDefender == Dead)?
In related news, Apple received more pleasant news recently on the security front. The news concerned MacDefender, a fake antivirus trojan, which infected as many as one in every twenty Mac computers in June.
Following a raid and arrest of suspected Russian spam kingpin Pavel Vrublevsky (who ironically worked for the Russian government as an anti-spam chief), MacDefender variants are drying up in the wild.
For a while Apple was struggling to keep up with the volume of new variants. Russian police found evidence on the computers of Mr. Vrulevsky’s online payment firm Chronopay linking it to paying Russian hackers to create new version of MacDefender.
With Mr. Vrublevsky’s imprisonment the virus seems to be on its last legs, suggesting the Russian was a major mastermind behind the wildly successful Mac attack.
Mr. Vrublevsky was originally exposed by Brian Krebs of The Washington Post. Following our piece on the topic we received the following email from Chronopay:
Dear Brandon,
Let me introduce myself.
My name is Lidia Golikova, I am communications director in Chronopay
company. I am writing You as Ethics representative of Global Tech News concerning
the article writing by Jason Mick Russian government is investigating
the incident
https://www.global-tech-news.com/Russian+AntiSpam+Chief+Caught+Spamming
/article18423.htm?utm_source=twitterfeed&utm_medium=twitter.
We would be very appreciate, if you could remove this article from your
site, because it is doubtful and discredited our company.
Moreover this article was published early – a half a year ago – in another
web site. Here it is link
http://ledgerlink.monster.com/news/articles/1064-russian-anti-spam-chief-caught-spamming.
You could guess why one person writes the similar articles on one
subject in different media.
Speaking about http://ledgerlink.monster – it is small web site for very
short professional audience that is why we did not contact with them. But
Global Tech News is respectful leading online magazine for a well-educated
audience. Much people read you and hear your opinion. That is why to our
opinion it is very important that correct information will be publish in
your magazine.
opinion it is very important that correct information will be publish in
your magazine.
I hope for understanding and cooperation,
Best regards,
Lidia Golikova
Apparently we were justified in standing behind the piece.