Symantec Vision day two: mobile malware demos

It was the turn of Symantec's Security Response Team on day two of Vision 2011 in Barcelona, as we were shown a couple of interesting demos illustrating a typical targeted attack and a mobile malware threat.

First up, security operations manager Orla Cox explained the now familiar route for criminals determined to infiltrate organisations undercover, first via malicious email and then with the help of remote access tools.

We then saw in action how a remote access tool like this can enable a hacker to take complete control of an infected machine with the same ease that a user might log-in via Citrix's popular GoToMyPC tool.

More impressive still was a demo of the Geinimi Trojan, which has been discovered doing the rounds on several unofficial Google Android app stores in China.

Although cyber criminals are using a variety of methods to make money out of mobile malware - adware, pay-per-install, pay-per-click, search engine poisoning and premium rate billing - the number of unique malware samples discovered so far is relatively low at 266, according to Symantec global security response director Kevin Hogan.

The most popular delivery vector is still via application stores, he explained.

"They take a clean app, break it apart, copy in malicious code, bundle it together and post it to the app store," said Hogan, adding that Android app stores are more likely to feature such malicious apps than the iOS App Store.

Elsewhere, we heard all about Symantec's plans for the cloud. Rowan Trollope, SMB and Symantec.cloud president, revealed that the firm will offer all of its security products "that make sense" in the cloud sooner rather than later.

Lots of food for thought at a much more insightful day at the event, as is often the case with the major product announcements safely out of the way.