June 24, 2008

F-Secure Reports Malware Growth at a Higher Level Than Ever Before

In its 2008 first half data security summary, F-Secure reports that malware is growing at a faster rate than ever before. This recent explosion of malware doesn't necessarily represent an increase in new types of threats. It is largely the packing, encryption, and obfuscation of existing families of trojans, backdoors, exploits, and other threats, which is now done with industrial efficiency. The increasing use of self-defense technologies in malware represents the ever-growing professionalism within the crime-ware community.

"I have a nasty feeling that the situation is getting worse, not better," says Patrik Runald, Security Response Manager at F-Secure Corporation. "However, we're not giving up, either."

The first half of 2008 has seen a growing number of targeted malware attacks on individuals, companies, and organizations. In a targeted malware attack, the attacker profiles his victim and sends an e-mail using the recipient's name, title and perhaps references to his job function. The e-mail appears to come from a legitimate source, such as the Better Business Bureau or the IRS, and the message's content is typically something that the recipient would expect to receive via e-mail. The e-mail prompts the victim to visit a website that then infects his computer with malware that allows the attacker to steal sensitive information from the victim's browser.

Targeted malware attacks are also being used for political and military motives. During the recent clashes between Tibetans and the Chinese military, the battles on the streets were accompanied by political espionage on the Internet. Human rights groups, pro-Tibet organizations and individuals supporting the freedom of Tibet were attacked with a carefully targeted and technically advanced e-mail campaign that attempted to infect their computers in order to spy on their actions.

Additionally the first half of 2008 brought a rise in SQL injection attacks, in which an attacker uses a popular website to infect visitors with malware by taking advantage of a common back-end vulnerability. The exploited vulnerability is so common that these attacks have destroyed the idea of a 'trusted website,' and F-Secure estimates that two to three million web pages have already been affected.

For more information, the full 2008 first half data security wrap-up is available at http://www.f-secure.com/2008/

About F-Secure Corporation

F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. F-Secure's award-winning solutions are available as a service subscription through more than 160 Internet service providers and mobile operator partners around the world, making F-Secure the global leader in this market. The solutions are also available as licensed products through thousands of resellers globally. The company aspires to be the most reliable security provider, helping to make computer and smartphone users' connected lives safe and easy. This is substantiated by the company's independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the OMX Nordic Exchange Helsinki since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry. The latest news on real-time virus threat scenarios is available at the F-Secure Data Security Lab weblog at http://www.f-secure.com/weblog/.