Landmark Malware, Trojan Growth Charted in 2008
The sheer volume of malware samples, and the number of newly discovered attacks observed by security researchers during 2008 outpaced even the most aggressive pre-year forecasts and smashed all time records for such activity, according to experts at PandaLabs.
The AV maker's researchers reported in their 2008 Annual Report that they encountered an average of 35,000 malware samples across its sensor network each day, with a stunning 22,000 of which were previously unseen variants. Panda said that by year's end last week, it had tracked over 15 million malware threats for the twelve month period.
This number surpassed the company's initial 2008 projections by over 5 million samples, resulting in the company detecting more threats over the first eight months of 2008 than in the company's previous 17 years of conducting such research.
Now that, my friends, is some serious business.
To the point of this week's report from Sunbelt Software which charted 90 percent of the most commonly seen threats in Dec. 2008 as Trojan attacks, Panda reported that a vast majority of the new malware (67.7 percent) it found were Trojans.
According to the report, Trojans also represented the most common brand of malware infection seen in '08 at 70.1 percent of all total detections, followed by adware at 19.9 percent and worms at 4.22 percent. The three types of infections combined represented the majority of malware detected by Panda overall for the year, totaling 94 percent of all samples.
Banker Trojans remain the most popular form of the attacks, the company said. The proliferation of malware-authoring toolkits has contributed greatly to the overall trend, said Ryan Sherstobitoff, chief corporate evangelist for Panda Security, in a report summary.
"For cybercriminals, it's relatively simple to obtain these malicious programs since there is a thriving marketplace for custom designed Trojan creation kits," Sherstobitoff said. "These kits allow the creation of Trojans which not only offer multiple features, but also have the ability to be controlled remotely."
The most common types of banker Trojans unearthed by PandaLabs were:
-Brazilian Banker Trojans (Banbra, Bancos)
-Russian Banker Trojans 1.0 (Cimuz, Goldun)
-Russian Banker Trojans 2.0 (Sinowal, Torpig, Bankolimb)
The primary difference between the two families of Russian attacks is that the 2.0 threats include far more advanced features that attempt to help the programs evade detection by security technologies.
"Banks have responded to the threat of banker Trojans, improving security and client authentication procedures," Panda researchers said. "In consequence, the techniques used by this type of malware to steal information have in turn become more sophisticated."
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.