02 August 2009
Changes in content and distribution medium found in BitDefender survey
Malware writing has become a full-fledged business � shaped after corporate models, according to BitDefender�. Today, BitDefender released the results of its malware and spam survey from January through June 2009, showing HTML newsletter-impersonating spam and web 2.0 phishing attempts witnessing a sharp rise.
Malware Threats in Review
During the first six months of 2009, malware writers have continued their efforts to infect computer users in order to receive direct financial gain and/or to seize control over their machines. According to the report, Trojan-type malware is on the rise, accounting for 83-percent of the global malware detected in the wild.
While Trojans were the most active e-threats in the last six months, the notorious Downadup Internet worm caused the most damage to users. Downadup managed to infect a record number of worldwide computers (about 11 million) and made headlines of most, if not all, computer magazines and mainstream media. Targeting systems with unpatched MS08-067 vulnerabilities, the worm can send itself to any clean computer it has already infected on the same network and looks to gain access to file shares. Although Microsoft issued an out-of-cycle patch for the vulnerability, the infection is still in the wild, with hundreds of systems compromised on a daily basis.
�The Internet is one of the most important communications vehicles � used for business, schooling and leisure. It has also become a channel for criminals to gain access to a vast number of computer systems, financial data and information,� said Vlad V�lceanu, Head of BitDefender Antispam Research Lab. �Cybercriminals are not going to stop looking for ways to enhance their e-threats, which is why it is essential for computer users to make sure they have a security solution in place, that can provide them with advanced, proactive protection.�
BitDefender found that during the last six months, the most active countries in terms of spreading malware were China, France and the United States, followed by Romania, Spain and Australia
World�s Top 10 Malware from January-June 2009
| RANK | Malware | % |
| 1 | Trojan.Autorun.Inf | 31 |
| 2 | Win32.Worm.Downadup | 13 |
| 3 | Trojan.Wimad | 13 |
| 4 | Trojan.SkimTrim.HTML.A | 11 |
| 5 | Trojant.Agent.AKXM | 10 |
| 6 | Trojan.Autorun.AET | 7 |
| 7 | Worm.Autorun.WHG | 5 |
| 8 | Packer.Malware.NSAnti.1 | 4 |
| 9 | Trojan.Spy.Agent.NXS | 3 |
| 10 | Trojan.JS.PZB | 3 |
Spam Trends in First Half of 2009
In terms of media and techniques, BitDefender analysts determined a continuing trend in text-based spam, which reached 80 percent this year compared to 70 percent for the same period in 2008.
Additionally, image spam increased 150 percent since the first half of 2008. Incorporated via HTML newsletter-impersonating spam, downloadable images are included in a strategy developed by spammers to trick users into accepting images blocked by the email client and, at the same time, to bypass spam filters by slightly modifying the image�s color palette.
Spam messages advertising pirated/OEM software products also increased dramatically compared to the same period last year. According to the statistics provided by the BitDefender Antispam Research Lab, software spam accounted for about 3 percent of worldwide spam. By June 2009, unsolicited email related to software products became one of the top five spam threats and accounted for 5 percent of the total spam messages sent worldwide.
The Top 10 list for the first half of 2009�s most advocated content through e-mail spam includes:
| 1 | Medicine Spam |
| 2 | Phishing Links |
| 3 | Loans/Mortgage |
| 4 | Malware Attached |
| 5 | Product Spam/Knockoff |
| 6 | Software/OEM |
| 7 | Pornography (non) dating |
| 8 | Dating Websites |
| 9 | Employment |
| 10 | Tie between Academic Diploma and Online Casino |
Web 2.0 Malware and the Phishing Landscape
From January through June 2009, phishing messages reached an alarming threshold of 7 percent of the spam messages sent worldwide. As expected, the most receptive countries in terms of phishing are the United States, Canada and the United Kingdom - three English-speaking countries. However, Russia is another significant source of phishing messages, mostly because of its lax legislation regarding cyber-crime, as well as the country�s current unemployment rate.
The phishing landscape is continuously evolving and morphing, including a rise in web 2.0 phishing techniques. Social network user accounts are key elements for carrying out subsequent attacks to other network users. However, since respectable service providers have tightened security in order to protect their users� personal info, attackers have developed fake login pages in an attempt to get genuine user login credentials.
BitDefender Labs have found that most web 2.0 phishing attempts in the first half of 2009 relied on social engineering schemes and speculated user naivety. The Twitter Porn Name scam is a good example. Users were invited to reveal their first pet name, as well as the first street on which they lived. These names are usually employed as backup/security questions. An e-crook possessing a person�s username along with these �clues� can easily retrieve a password that he or she can later employ to access the account and send spam, access transactions, or use the account in whatever way necessary to make a profit, including demanding a ransom for release of the hijacked account.
However, phishers� favorite targets are constant. On average, the most used identities are related to the financial sector, primarily banks and wire transfer institutions.
The top three counterfeit business identities in the first half of 2009 include:
| 1 | Bank of America |
| 2 | Paypal |
| 3 | Abbey |
BitDefender estimates that more than 55,000 users fall victim to phishing scams each month, totaling an impressive 330,000 victims from January through June 2009. In order to successfully deceive their victims, phishers must impersonate (aka. spoof) the genuine page as accurately as possible. However, while replicating the original webpage is simply a matter of copy-and-pasting, the spam message usually contains misspelled words and/or negligent formatting.
This is not the case with most of the phishing raids targeting Bank of America. Not only is the text impeccably laid out, but the phishing page has also been crafted with an unusual attention to detail, suggesting that the people responsible for the phishing attacks are a highly organized gang of cyber-criminals.
�Most importantly, unlike malware, phishing and spam are universal e-threats � they work on any computer, regardless of their operating systems and security patches," V�lceanu commented. �Extra caution and a highly-rated antimalware solution with antispam, antiphishing and antimalware modules are a must-have for anyone surfing the web.�
For more information on this survey, please visit the BitDefender E- Threats Report page.
MEDIA RELATIONS
[email protected]INDUSTRY ANALYST RELATIONS
[email protected]INVESTOR RELATIONS
[email protected]