We often hear malware referred to as a broad category covering all bad things on the internet. In reality, however, many different types of attacks make up this threat category.
Data collected on the geographical distribution of malware “Phone Home” locations in the first half of 2009 shows that the USA hosts 35% of malware worldwide, followed by China (14%) and Brazil (8%). Additionally, cyber criminals most often use TCP port 80 for downloading and HTTP to transfer and send infections, so they can avoid suspicion, as both are very common.
Trojan malware rose the most in popularity in samples collected between January – June this year, and the penetration of viruses increased slightly. PUPs, Backdoors, and Worms declined just a little. Here’s how each category contributed to malware as a whole.
- Trojan (55% of all malware on the internet): Trojans perform a variety of malicious functions such as spying, stealing information, logging keystrokes and downloading additional malware.
- Backdoor (21%): Backdoors provide functionality for a remote attacker to log on and/or execute arbitrary commands on the affected system.
- PUP, a Potentially Unwanted Program (8%): PUPs are programs that the user may consent to installing but that may affect the security posture of the system or be used for malicious purposes. Examples are Adware, Dialers and Hacktools/“hacker tools” (which include sniffers, port scanners, malware constructor kits, etc.).
- Worm (6%): Worms self-propagate via e-mail, network shares, removable drives, file sharing or instant messaging applications.
- Virus (4%): Viruses propagate by infecting host files.
The Trojan malware category continues to occupy the largest share of new malware samples. In the first half of this year, the distribution of Trojans increased 9%. Experts speculate that the rise in Trojan popularity may be attributed to the proliferation of publicly available (and easily accessible) toolkits designed to control, spy on, and steal information from infected computers.
These toolkits are very easy to use. By completing a few text boxes, cyber criminals can have a backdoor or infostealer ready for deployment within seconds. Because they require little technical investment, researchers expect the upward trend in popularity to continue.
Within the Trojan malware category, Infostealers (including password stealers, keystroke loggers, and spyware) represent 27% of all new samples.

While Infostealers are the most popular type of Trojan, their trend in popularity remained fairly flat throughout the first half of 2009. FraudTools, on the other hand, rose sharply, and a brand new functionality called an Injector was introduced.
Definitions and trends courtesy of the IBM X-Force Team's 2009 Mid-Year Trend & Risk Report.
This entry was posted on Wednesday, September 9th, 2009 at 9:00 am and is filed under Cloud Hosting.


