ID Thieving Malware Running Wild

By Matthew Hines  |  Posted 2009-03-23

Malware programs designed specifically to steal people's sensitive data, such as banking Trojans, continue to proliferate widely, according to a recent research report issued by PandaLabs.

According to the AV specialist, of the 67 million endpoint devices that it scanned during 2008, more than 10 million had some form of ID-thieving crimeware buried somewhere within. Over 3 million people in the U.S. alone were infected with the attacks, Panda said. And the data theft attacks only got worse as 2008 went on, based on the research.

PandaLabs found that infections leaped by a staggering 800 percent during the second half of 2008, compared to the first half.

On the flip side of the equation, only 35 percent of the endpoints that the company scanned had their AV tools properly updated and functioning to ward off malware threats.

Based on an existing metric that assumes that ID theft incidents cost an average of roughly $500 per victim when all factors are brought into consideration, such as the expense of having consumers' payment cards reissued and providing them with credit monitoring systems, the attacks could have cost as much as $1.5 billion for U.S. residents alone during '08.

On a regional level, the company said that Arizona, California and Florida were the U.S. states with the highest per-capita incidence of reported identity theft.

According to its latest projections, PandaLabs estimates that the ID theft malware infection rate will increase by an additional 336 percent per month throughout 2009, based on its analysis of trends over the last 14 months. Yipes.

Panda said further that a majority of the attacks that it is currently observing in the wild are being loaded into PC memory and running actively as a process. When someone infected by one of the programs navigates their way to online shopping, banking or networking sites, the programs then steal their credentials in some fashion.

A lack of awareness among end users remains one of the biggest problems, as evidenced by the low rate of AV update diligence, experts with the company maintain. "We must all become aware of the dangers of malware identity theft and protect ourselves from the serious potential losses, both in time and money," Luis Corrons, director of PandaLabs, said in a statement.

Of all the spyware programs, Trojan threats remain the most popular format employed by attackers, according to the research, especially banking threats.

According to PandaLabs, the top ten families of banker Trojans that are the most prevalent in infiltrating users' systems today are:

Trj/Cimuz
Trj/Sinowal
Trj/Bankolimb
Trj/Torpig
Trj/Goldun
Trj/Dumador
Trj/Spyforms
Trj/Bandiv
Trj/SilentBanker
Trj/PowerGrabber

The most common types of non-banker Trojan identity theft malware are:

Trj/Lineage
W32/Lineage.worm
Trj/Legmir
Trj/Wow
W32/Wow.worm
Trj/MSNPassword
Trj/PassStealer
Trj/QQPass

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |
