Malware report highlights rise of toolkit attacks

With pre-teens getting in on the act...

A threat report published by antivirus company AVG has warned of the dangers of malware toolkits, mobile insecurities and pre-teen hackers

AVG has published its latest quarterly report on malware and antivirus threats highlighting both the rise of off-the-shelf virus toolkits and the continued vulnerability of mobile devices.

In one case, the antivirus company reverse-engineered a string of malicious code, and tracked it to an 11-year old boy in Canada targeting online gamers for log-in details.

AVG states that 60 per cent of malware attacks last year were performed by toolkits, while the number of threats on mobile devices totaled 3,930,500 - with Android the most popular target.

Exploit toolkits, essentially packages of code served up and sold by experienced hackers, are attractive to use because they don't always require much technical knowledge.

But admittedly, things get a bit interesting when it turns out that pre-teens are getting in on the action.

“We have now seen a number of examples of very young individuals writing malware, including an 11-year-old from Canada,” said Yuval Ben-Itzhak, CTO at AVG.

“The code usually takes the form of a basic Trojan written using the .NET framework, which is easy to learn for beginners and simple to deploy via a link in an email or posted on a social media page.”

According to the AVG report, younger programmers occasionally left traces of data in the malware's binary code - such as redirecting stolen information to the author's personal email address - which allowed the company to trace the virus.

“We believe these junior programmers are motivated mainly by the thrill of outwitting their peers, rather than financial gain, but it is nevertheless a disturbing and increasing trend," Mr Ben-Itzhak said.

"It is also logical to assume that at least some of those responsible will be tempted to experiment with much more serious cyber-crimes.”

The full report can be read here and feel free to let us know your thoughts on mobile security in the comments box below.