BitDefender E-Threats Landscape Report
The purpose of this report is to provide a comprehensive investigation of the threat landscape. BitDefender®’s security experts thoroughly analyze and examine the threats of each semester, focusing on software vulnerabilities and exploits, different types of malware, as well as countermeasures, cyber crime prevention and law enforcement.
The E-Threats Landscape Report concentrates mainly on the latest trends, but it also contains facts and data concerning the previously investigated periods, as well as several predictions related to the upcoming semesters.
This document is primarily intended for IT&C System’s Security Managers, System and Network Administrators, Security Technology Developers, Analysts, and Researchers, but it also addresses issues pertaining to a broader audience, like small organizations or individual users concerned about the safety and integrity of their networks and systems.
First Half’s Spotlight E-Threats
During the first half of 2009, the most important security incident was triggered by the emergence and expansion of the Downadup / Conficker / Kido internet worm, which exploits a vulnerability in Microsoft operating systems prior to Windows Vista. The MS08-067 vulnerability allowed Downadup to infect about 11 million computers worldwide during the first half of 2009. The infection is still in the wild, with hundreds of systems compromised on a daily basis.
Other significant malware vectors were leaked, unofficial distributions of Microsoft’s upcoming technologies: Windows 7, Microsoft Office 2010 and Microsoft Visual Studio 2010. Malware writers relied on kits infected with Trojans in order to infect unwary users leeching these novelties via BitTorrent.
- ATM malware spotted in the wild: Trojan.Skimer.A targets automated teller machines from US manufacturer Diebold. The malicious application creates a virtual 'skimmer' which is capable of recording card details and personal identification numbers without the user's knowledge.
- Fake disinfection tools for the Downadup Internet worm: building on the pandemic triggered by the Downadup worm (about 11 million infections to date), malware authors released fake disinfection tools for the worm that would actually drop miscellaneous malicious files, especially rogue security software.
- Spam has grown to new heights with Canadian Pharmacy ranking as number one spam source.
  - Medicine Spam – 51%
  - Product Spam (replica products) – 6%
  - Hardcore pornography – 3%
  - Phishing attempts – 7%
  - Bundled malware – 6%
- Phishing and identity theft affect about 55,000 computer users per month. The most targeted financial institutions are Bank of America, PayPal and Abbey Bank.
- The first proof-of-concept rootkit targeting the upcoming Windows 7 operating system from Microsoft has been thoroughly documented and licensed under the GPL.
- Mac OS X scareware also witnessed a dramatic boost, indicating that it is time for Apple users to adopt a platform-specific security solution.
- Social networking and microblogging have also contributed to leveraging social engineering attacks. Apparently harmless games posted on Twitter exposed sensitive credentials allowing attackers to recover victims’ passwords for miscellaneous web services.
Future Outlook
Malware development is a rapidly evolving business, both because this specific niche of software programmers is driven by illicit financial gains and because of technology’s rapid evolution. Most software companies run an extremely tight schedule from envisioning their products to actually delivering them to their users, in order to maximize sales. However, many times, such applications are not fully tested and proofed against various types of attacks or critical coding flaws. Malware authors rely on these flaws to envision novel approaches for penetrating users’ systems in both home and corporate environments.
Malware distribution via warez websites and torrent downloads will keep an ascending pace as the number of Internet users increases. The so-called “nulled” PHP scripts used for creating virtual communities often contain backdoors allowing unauthorized third parties to seize control over web servers and host malware or use them as spam relays.
Other vulnerable factors in malware distribution schemes are the end-users themselves: their lack of awareness of the latest trends in the malware landscape can dramatically impact both their budget and privacy.
Voluntary disclosure of trivial information via Web 2.0 websites or blogging platforms can also help malicious third parties build personal profiles or gather additional data to be used in phishing attempts.
