Russian, Chinese coders may be responsible for bulk of mobile malware
Fortinet (NASDAQ: FTNT), a leading network security provider and the worldwide leader of unified threat management (UTM) solutions, today announces that, while precise attribution of a malware writer's location is difficult at best, its recently published data seems to point squarely at Russia and China as the locations producing the overwhelming majority of the mobile malware families the company has detected thus far.
Fortinet has been collecting mobile malware data for the last two years, and just recently published some of its findings for the first time. The firm's threat researchers track and log mobile malware families (not variants) as they are discovered, logging them by the date they were created by the author.
To date, Fortinet has attributed 33% of all mobile malware it has detected to Russian sources, with China taking the runner-up spot at 28%. The US comes in a distant third at 7%, followed by Indonesia (5%) and India (4%).
Axelle Apvrille, an expert in cryptology and senior anti-virus analyst with Fortinet, discussed some of the findings in her recent security blog, where she was quick to point out that, when it comes to malware, "the attribution of origin is nearly always uncertain".
However, Apvrille told Infosecurity that there are several clues she looks for when examining mobile malware that may help indicate the source. In one particular example she provided, a piece of malware could be downloaded from a Chinese website; it then contacted another Chinese site and sent an SMS to a Chinese phone number.
"We usually attribute a given family to a country when we spot several indications leading to the same country," Apvrille noted in her recent blog. "Yet, even 'strong' hints can be misleading," she warned, adding they could intentionally be left in the malware, for example.
Another interesting find from the data shows the Symbian mobile operating system as the most frequently targeted (>50%), according to the samples collected by Fortinet, with another 15% affecting Java ME midlets.
Apvrille said that the percentage of malware targeting Symbian has decreased as of late. She did add that the company has registered several new Android malware pieces over the last few weeks, but cautioned that the data cannot be easily converted into reliable statistics because Fortinet's stats include only malware families, and do not take into account the fact [that] a given family may have several variants or be particularly active.