Saturday, January 10, 2009

Malware - 22,000 new samples each day

22,000 New Malware Samples Detected Every Day in 2008, According to PandaLabs Annual Report
See also: PandaLabs 2008 Annual Report

PandaLabs, Panda Security's malware analysis and detection laboratory, today announced the general availability of its 2008 annual report. Last year PandaLabs detected an average of 35,000 malware samples each day, 22,000 of which were new infections. By the year's end, the total count of malware threats detected by PandaLabs exceeded 15 million. This number surpassed initial projections by over 5 million and resulted in Panda's detection of more malware in the first eight months of 2008 than in the company's previous 17 years combined.

99 percent of these new threats were automatically detected by Panda Security's Collective Intelligence technology, which performs malware scanning, detection and analysis in the cloud. This approach provides the ability to maximize malware detection capabilities through gathering real-time data from the cloud, while at the same time minimizing the resource and bandwidth consumption of protected systems.

The majority of this new malware (67.7 percent) was classified as Trojans, meaning it was designed to steal confidential data such as bank accounts, passwords and the like. A breakdown of malware by category (e.g. Adware, Spyware, Trojan, etc.) and month can be found here: http://www.flickr.com/photos/panda_security/3179347796/.

"Computer users often underestimate the threat that malicious software represents," explains Ryan Sherstobitoff, chief corporate evangelist for Panda Security. "For this reason, on many occasions they may provide little or no security measures for their computers. The reality is that malware has increased exponentially over the past few years and this false sense of security helps cybercriminals to infect more computers without being discovered."

Trojans represented the most common malware infection at 70.1 percent of total detections, followed by adware at 19.9 percent and worms at 4.22 percent. These three types of infections combined represented the majority of malware detected in 2008, totaling 94 percent.

With respect to the threats that increased the most last year, PandaLabs' annual report also highlights the emergence and rapid rise of rogue antivirus programs. These new programs are a special type of adware that tricks computer users into believing their machines have been severely infected by multiple dangerous pieces of malware, then offers a paid solution to supposedly remove the infections. The fake antimalware programs cost approximately $70.00 and collectively generate $13.65 million a month for their creators, according to estimates from PandaLabs.

Banker Trojans: The Threat Continues

Banker Trojans are designed with the sole objective of stealing the victim's bank account information in order to access their accounts. Normally these Trojans run silently in the computer's memory and only activate when the victim accesses certain bank websites.

"For cybercriminals, it's relatively simple to obtain these malicious programs since there is a thriving marketplace for custom designed Trojan creation kits," explains Sherstobitoff. "These kits allow the creation of Trojans which not only offer multiple features, but also have the ability to be controlled remotely."

The most active banker Trojans that PandaLabs identified fell into the following three families:

1) Brazilian Banker Trojans (Banbra, Bancos): These are mainly designed to steal passwords to Brazilian and Portuguese banks, although the Bancos family also targets Spanish banks occasionally. They normally transmit the information obtained through FTP or email.

2) Russian Banker Trojans 1.0 (Cimuz, Goldun): This type of Trojan has become less prevalent over time, since its lack of new functions makes it easier to detect. However, there are many variants still in circulation.

3) Russian Banker Trojans 2.0 (Sinowal, Torpig, Bankolimb): Created to replace their predecessors, variants of this family are constantly changing and being updated, which makes generic detection difficult. All of these share a common function: the list of target banks and organizations is obtained from a configuration file, which is either included with the Trojan or obtained from a server controlled by the cybercriminal, so the Trojan itself does not need to be modified in order to add a new target bank.

The PandaLabs 2008 Annual Report also gathers information about the current spam situation, the most important vulnerabilities of 2008 and trends in the malware threat landscape entering 2009.
