Security report finds rise in banking Trojans, adware, fewer viruses

By Robert Westervelt, News Editor 11 Jan 2010 | SearchSecurity.com

Security UK News Digg This!     StumbleUpon     Del.icio.us

PandaLabs, the malware research arm of Panda Security, issued its 2009 annual report Tuesday, outlining the continued rise of more sophisticated forms of malware, including banking Trojans targeting account credentials that have far outpaced known viruses in the wild.

The total number of individual malware samples in Panda's database hit the 40 million mark in 2009. Panda said its research laboratory receives about 55,000 daily samples. Panda researcher Sean-Paul Correll summed up 2009 by calling it the most productive year for malware writers. There were about 25 million new malware strains in 2009 compared to a combined total of 15 million in Panda Security's 20-year history, Correll said in a blog entry announcing the annual report.

Trojans represented 66% of malware -- a sign that automated tools have made creating new Trojan variants fairly easy for attackers. The black market tools are now being sold via subscription models and other formats, helping the less technically savvy person ride the cybercriminal wave.

The PandaLabs 2009 annual report, highlights the growing availability of banking malware kits, which contain increasing functionality, enabling an attacker to control the Trojan and send new instructions. The kits are constantly being tweaked to keep up with bank security measures and create malware that can evade detection. For example, the SilentBanker.D Trojan, discovered in October, can intercept bank transfers and modify account details without the user detecting a problem. Correll said SilentBanker.D was cleverly coded to reside on a victim's computer and falsify online bank statements. The technique enables cybercriminals more time to drain bank accounts.

Panda's adware category, which includes rogueware and fake antivirus programs, represented 17.6% of all malware. The rogueware brings in about $34 million per month worldwide, according to Panda. The phony antivirus is easily tricking users with security alerts designed to mirror Microsoft's Windows Security Center, when in fact it is really JavaScript code running in the browser. Those behind the fake antivirus programs set up attack websites and use search engine optimization (SEO) techniques to ensure the sites get top-billing in search engine results.

The websites also try to coax people into paying for fake antivirus to rid their system of non-existent malware. Panda said the most active rogueware in 2009 was a phony program called SystemSecurity, followed by TotalSecurity2009 and System Guard. Correll said the rogueware families use the most aggressive methods to get users to by the software, including locking them out of files and folders.

The final malware categories documented by Panda include viruses at 6.6% of all malware, followed by spyware (5.70%) and worms (3.4%).

Globally, Taiwan, Russia and Poland share the distinction of having the most infections, while the honor of having the least infections goes to computer users in Sweden, Portugal and the Netherlands.

Smartphones remain relatively safe from malware in 2010
In its predictions for 2010, Panda said cell phones will not be a major target of malware. The PC, including Web applications and Web browser plug-ins, remain the attack vector of choice of malware writers.

"The PC is a homogenous platform, with 90% of the world's computers running Windows on Intel, meaning that any new Trojan, worm, etc., has a potential victim pool of 90% of the world's computers," PandaLabs said in its report. "The cell phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems."

Even third-party applications on smartphones remain relatively safe as many are not compatible from one cell phone OS to another. Apple, Google, Palm and BlackBerry also screen smartphone applications before making them available to users.

"If people begin to operate financial transactions from their cell phones, then maybe we could talk about a potential breeding ground for cybercrime," Correll said.

Other security experts, including Zulfikar Ramzan, technical director of Symantec Security Response, said the increasing popularity of smartphones, including Apple's iPhone and devices running Google's Android OS, will make them more lucrative targets over time.

Tags: Threat and Vulnerability Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Threat and Vulnerability Management Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7 What to do with network penetration test results

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary