
Trojans Accounted for 70 Percent of the New Malware Detected During the Second Quarter of 2009, According to PandaLabs

July 6, 2009

GLENDALE, Calif., July 6 /PRNewswire/ — Panda Security, the Cloud Security Company, today announced the findings of the second quarterly report of 2009 from PandaLabs, Panda Security’s laboratory for detecting and analyzing malware. The report determined that Trojans accounted for 70 percent of all new malware between April and June 2009. The report can be downloaded from http://www.pandasecurity.com/img/enc/Quarterly_Report_PandaLabs_Q2_2009.pdf.

One of the most notable findings of the report is the 6.25 percent drop in spyware, which now represents just 6.9 percent of all new malware. In contrast, adware rose dramatically over this period, from 7.54 percent in the previous quarter to 16.37 percent. This is largely due to the increase in fake antivirus applications, a type of adware that passes itself off as a legitimate security solution. As for worms, their percentage has also risen slightly, now accounting for 4.4 percent of all malware.

Trojans were also responsible for more infections than any other type of malware over this period. This type of malware was behind 34.37 percent of all infections detected by PandaLabs, an increase of 2.86 percent with respect to the previous quarter. Adware infection levels remained stable, accounting for 19.62 percent of the total.

Worms increased slightly (0.89 percent), staying in the picture due largely to the effectiveness with which they spread. Dialers, at 4.48 percent, stubbornly refused to disappear despite the overriding trend toward broadband instead of dial-up connections.

In terms of specific strains of malware, the number one ranked specimen between April and June 2009 was Downloader.MDW, a Trojan designed to download other malware onto computers. The Virtumonde spyware and Rebooter.J Trojan were also among the malicious codes that caused the most infections.

01    Trj/Downloader.MDW
02    Spyware/Virtumonde
03    Trj/Rebooter.J
04    Trj/Lineage.BZE
05    W32/Bagle.RP.worm
06    Adware/AccesMembre
07    Adware/SystemSecurity
08    W32/Waledac.AS
09    Adware/Lop
10    W32/AutoRun.DJ.worm

When broken down geographically, Taiwan continues to top the list with 33.63 percent of computers infected with active malware. Turkey and Poland come next, with just under 30 percent. Three Scandinavian countries, Sweden (14.2 percent), Norway (12.48 percent) and Finland (12.17 percent), are the countries with the lowest number of computers infected by active malware during the first half of 2009.

Graphical representations of new malware detected in Q2 2009, as well as of how different countries are affected by malware infection, can be found here: http://www.flickr.com/photos/panda_security/tags/q2report/.

Malicious use of Twitter

A worm appeared in April which used a cross-site scripting technique to infect Twitter users when they visited the profiles of other infected users. It then infected the new user’s profile to continue propagating. New variants appeared, and finally the creator’s identity was revealed: an individual named Mikey Mooney, who apparently wanted to attract users to a service competing with Twitter.

In early June, Twitter was the focus of other attacks, this time using different techniques, predominantly BlackHat SEO. Twitter has a feature called “Trending Topics”, which is a list of the most popular topics that appears in the interface of all Twitter users. When users select a topic through this feature, they see all ‘tweets’ published that are related to that topic.

In this case, malicious users were writing tweets about the topics listed in Twitter Trends with links to malicious Web pages from which malware was downloaded. The first attack focused on just one of the topics, but just a few days later the scope of the attack increased and all popular topics contained malicious links. When the actor David Carradine died, there were hundreds of malicious tweets in just a few hours, and the same thing occurred with other popular issues on Twitter.

The second anniversary of Collective Intelligence, a detailed analysis of the Waledac worm, trends regarding the sending of malware via spam and the evolution of BlackHat SEO techniques are just some of the other issues covered in the PandaLabs Quarterly Report.

You can download this report from: http://www.pandasecurity.com/img/enc/Quarterly_Report_PandaLabs_Q2_2009.pdf.

About PandaLabs

Since 1990, PandaLabs’ mission has been to detect and eliminate new threats as rapidly as possible to offer clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security’s new security model, which can even detect malware that has evaded other security solutions.

Currently, 94 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented by the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com.

SOURCE Panda Security


Source: newswire


