Latest News

Q1 2012 E-Threat Landscape Report

April 2012

The first three months of 2012 have seen the emergence of world's largest botnet on Mac OS X

Executive Summary

If the first three months of 2011 have brought back to light one of the most modern and stubborn botnets in the history of generic PCs – the TDL4 infrastructure, the same interval in 2012 saw the emergence of world’s largest botnet on Mac OS X. The rise of the Flashback botnet, caused by a tiny piece of malware written in Java, triggered not only the greatest epidemic in the Mac OS niche, but also demonstrated once again the importance of security solutions even on privileged operating systems.


The Flashback epidemic appears to be related to another security incident – a massive compromise of blogs running on WordPress. This allowed cyber-criminals to plant both their exploits and the associated payloads for free on the subverted hosting accounts without their owners actually knowing it. 



Four years after its discovery, Win32.Worm.Downadup is still ranking second in the global e-threats top, with more than 6. percent of the globally-recorded infections. This performance is only surpassed by Trojan.AutorunINF –also a veteran e-threat - that scores 7.23% of infections, even though these two e-threats only affect unpatched, unprotected computers running Windows XP.

Worldwide infection top

Spam messages mostly focus on pharmacy offerings - more than 45 percent of all spam. The average size of a spam message is 2.14 KB, and plain-text is the format of choice for spam sent via botnets.

Phishing and scam messages account for roughly 2.5% of spam, with financial institutions targeted the most. Most phishing sites are hosted in the United States (roughly 40%), Germany (6%), Brazil (5%) and Spain (5%). The most targeted financial institution is PayPal (32.4%), Santander UK (2.76) and Mastercard (1.49%). On the non-financial sector, the most targeted companies were Facebook (5.10%), TAM Airlines (3.8%) and AOL (1.24%).

With Facebook nearing the 800 million-user milestone, cyber-criminals are ever more active. On average, SafEgo, Bitdefender’s security solution for Facebook, detects between 10 and 45 distinct scams per day, broken down into multiple types, as shown below:

High profile data breaches continued in the first three months of 2012. Amongst the most important targets there were financial institutions such as Visa and Mastercard, but also healthcare providers (such as the British Pregnancy Advisory Service).

Infections of Android application increased dramatically in the first quarter of 2012, driven by a surge in data privacy invasions, according to statistics from Bitdefender Mobile Security. While the most frequent e-threats identified by Bitdefender are related to data theft, malware strains related to device rooting via operating system exploits play a key role in the e-threat landscape for Q1 2012.

Data privacy seems to be the number one targeted area and malware coders are devising new ways of silently accessing and forwarding sensitive information via attacker-controlled servers. More than that, re-packaged applications bundled with malware and delivered through alternative Android Marketplaces have proven an effective means of distributing malicious apps.

The second-most effective conduit for malware infestation is via device rooting. Although rooting allows users to control their devices unrestricted by carrier or OEM limitations, it also dramatically increases the power and effectiveness of Trojan attacks, which has serious implications for the integrity of the device and data stored on it.

China, Russia and France have the highest count of smartphone users affected by malware. These numbers could reflect an increase in pirated applications re-packed with malicious code, as well as increased smartphone penetration in those countries.

Compared to our previous H2 2011 E-Threat Landscape Report, China has taken first place while the Russian Federation seems to have placed second, this Q1 2012.