Mobile device security threats are taking center stage as IT managers strive to protect and control these nimble creatures that contain company information and access the company network. But looking at the big picture of all IT security concerns, just how significant are specific types of mobile device threats? According to one expert, mobile botnets, at least, should not keep you awake at night.
Mobile botnets are created when an attacker infects a number of mobile devices with malicious software. The infected devices communicate with other mobile devices, thus spreading the infection and growing the botnet. The attacker’s goal, in theory, is to gain root control of the mobile devices in order to use their combined bandwidth and computing power for nefarious means.
In an interview with SearchSecurity.com News Director Rob Westervelt, Joe Stewart, director of malware research at Dell SecureWorks, provided his perspective on the relative importance of the mobile botnet threat. Because mobile networks don’t have as much bandwidth as broadband connections, Stewart said, mobile botnets are not likely to be very profitable for the botnet operator.
“I don’t think you can say at this time that someone will get a whole lot of value out of a mobile botnet,” Stewart said. “There are certain categories where it is useful, but as a DDoS botnet, it would probably be pretty abysmal.”
However, findings by Symantec Corp. suggest revenue for the mobile botnet “industry” may be on the rise. Writing in Symantec’s official blog in February, Symantec Security Response Engineer Cathal Mullaney noted the discovery of one particular mobile botnet that had the ability to use premium SMS scamming to generate millions of dollars a year.
Still, all indications suggest mobile botnets are a small niche in the overall threat landscape. Antimalware investments might be better spent in other areas right now, but be wary of a possible invasion of mobile botnets in the future as attackers prey on the relatively easy vulnerabilities of mobile platforms.