Trojans were the most prolific malware threat in February, and collaboration seems to be the name of the game in malware development and distribution.

Trojan-based attacks continue to be the biggest malware threat in February, but PDF exploits aren't far behind, according to several security reports.

About 1 in 290 e-mails in February were malicious, making the month one of the most prolific periods for the threats, according to Symantec's February 2011 MessageLabs Intelligence Report.

The global ratio of spam in e-mail traffic was 81.3 percent, an increase of 2.7 percent since January, the report found. The recent decline in spam appears to have reversed for the time being, according to the report.

There was a lot of botnet activity in February, and the perpetrators appeared to be working together to some extent to distribute Trojans, according to Symantec. There were signs of integration across Zeus, Bredolab and SpyEye, as techniques associated with one malware family were being used by others, Symantec said in the report.

The attacks were well-timed and used carefully targeted techniques, suggesting a "common origin" for these infected messages. One day, the messages would be propagating mainly Zeus variants, followed by a day dedicated to distributing SpyEye variants and later with Bredolab, in an alternating pattern, according to Paul Wood, MessageLabs Intelligence senior analyst. By the middle of the month, the variants propagated simultaneously with an advanced package that evaded traditional antivirus detection, he said.

All the attacks used a .ZIP archive attachment containing malicious code. About 1.5 percent of blocked malware had malicious .ZIP attachments, and 79.2 percent of those files were connected to the Bredolab, Zeus and SpyEye attacks, researchers said.
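The delivery pattern described above, a .ZIP attachment carrying an executable, is one a mail gateway can screen for before the archive ever reaches a user. The following is an added example, not code from Symantec, MessageLabs or any vendor named in the report: it parses an inbound message with Python's standard `email` and `zipfile` modules, opens each ZIP attachment, and reports members whose final extension is on a watch list (so a double-extension name like `invoice.pdf.exe` is still caught). The sample message, the sender and recipient addresses, the filenames and the extension list are all constructed for the example; the archive member is plain text, not an executable.

```python
"""Screen an e-mail message for ZIP attachments that contain executable-type
members. Added example; the message and all names in it are constructed."""
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# Assumed watch list of extensions that should not arrive inside a mail attachment.
SUSPICIOUS_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                         ".js", ".vbs", ".dll"}


def zip_members_of_concern(zip_bytes: bytes) -> list[str]:
    """Return archive member names whose final extension is on the watch list.
    A corrupt or non-ZIP payload is itself reported, since a gateway should not
    pass along what it cannot inspect."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    flagged = []
    for name in names:
        lower = name.lower()
        # Only the last suffix matters, so "report.pdf.exe" is treated as .exe.
        if any(lower.endswith(ext) for ext in SUSPICIOUS_EXTENSIONS):
            flagged.append(name)
    return flagged


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse an RFC 5322 message and map each ZIP attachment filename to the
    list of suspicious members found inside it. Clean messages yield {}."""
    msg = email.message_from_bytes(raw, policy=default)
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ctype = part.get_content_type()
        is_zip = filename.lower().endswith(".zip") or ctype in (
            "application/zip", "application/x-zip-compressed")
        if not is_zip:
            continue
        payload = part.get_payload(decode=True)  # base64-decoded attachment bytes
        if payload is None:
            continue
        hits = zip_members_of_concern(payload)
        if hits:
            findings[filename] = hits
    return findings


def build_sample_message() -> bytes:
    """Construct a test message whose ZIP attachment holds one benign text
    member and one text member with a double extension (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("Invoice_Feb2011.pdf.exe", "placeholder text, not an executable")
        archive.writestr("readme.txt", "benign member")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your February invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    # Expected: {'invoice.zip': ['Invoice_Feb2011.pdf.exe']}
    print(scan_message(build_sample_message()))
```

The check deliberately does not extract or execute anything: it reads the central directory only, and it treats an archive it cannot open as a finding rather than a pass, which is the safer default for a gateway filter. Extension matching is a first-pass heuristic; a production filter would pair it with content-type sniffing of the member bytes and a size limit to guard against decompression bombs.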
Contrary to recent belief, Bredolab is not dead, as MessageLabs identified at least 40 variants of malware associated with Bredolab in February, accounting for at least 10 percent of e-mail-borne malware blocked by MessageLabs Intelligence that month.

SpyEye also appeared on Fortinet's Threat Landscape report for the first time, signaling new activity and techniques.

"We're likely to see similar ongoing activity by the SpyEye group, such as routine obfuscation of their data and command and control transmissions," said Derek Manky, senior security strategist at Fortinet. "SpyEye developers are also working to make their product more efficient in terms of management and automation, which is evidenced by the bot's new Automatic Transfer System."

Both GFI Software and Symantec researchers said Trojans were the main threat in February but that PDF exploits are on the rise. Trojans accounted for six of the top 10 malware threats of February, according to GFI Software's monthly report.

Malicious PDF files now account for a larger proportion of document types used in attacks, according to Symantec. Based on current trends, Symantec predicted 76 percent of targeted malware could be used for PDF-based attacks by mid-2011.

"PDF-based targeted attacks are here to stay and are predicted to worsen as malware authors continue to innovate in the delivery, construction and obfuscation of the techniques necessary for this type of malware," Wood said.

China was the most spammed country in February, followed by the United States, Canada and the United Kingdom. Spam levels were 81.4 percent for the United States, compared with China's 86.2 percent. The most spammed industry sector continued to be the automotive sector, with 84.3 percent of e-mail, followed by education and pharmaceuticals.

However, governmental organizations were the most targeted for malware, with 1 in 41.1 e-mails being blocked as malicious, according to Symantec.

While virus activity increased slightly, the volume of e-mails with links to malicious Websites declined from January, Symantec said. Of the malicious domains blocked in February by MessageLabs Intelligence, 38.9 percent were new, a decline of about 2 percent since January, Symantec said. An average of 4,098 new Websites harboring malware was identified per day, a decrease of almost 14 percent since January, according to the report.

Despite more malware flooding networks, actual infection rates may be dropping, Panda Security researchers said. The security firm based its results on data gathered by Panda ActiveScan, a free online scanner available on the company's Website. Of the computers scanned in February, only 39 percent were infected with malware, compared with 50 percent in January, Panda Security said. Of the infected computers, Trojans were the most common malware found; they were responsible for 61 percent of infections.