Trojans Dominated During Q2

By Matthew Hines  |  Posted 2008-07-10 Print this article Print

AV maker Panda Software published its report on malware trends for the second quarter of 2008 and finds that Trojan attacks were by far the most common form of threat being created between April and June.

According to the report, more than 63 percent of the new malicious code samples unearthed by Panda's researchers during Q2 were Trojan threats -- with Adware programs coming in a distant second at 22.40 percent.

The massive volume of new Trojans was related to the efforts of malware authors to create shorter runs of the threats to evade detection by AV systems and other security defenses, Panda officials said in their report summary.

"In the present scenario, it is unlikely for a Trojan to infect a large number of computers, as this would attract attention and goes against the interests of cyber-criminals. They prefer instead to create numerous different Trojans, targeting users of a specific service or utility, etc., instead of trying to massively propagate a single example," Luis Corrons, technical director of PandaLabs, said in a report synopsis.

"This is why Trojans consistently figure as the type of malware with most individual examples in circulation," he said.

The report finds that Trojans were also responsible for most computer infections in Q2, accounting for 28.7 percent of that total. Adware, which had led the way during Q1 2008, accounted for just over 22 percent of infections in Q2, with worms representing 13.5 percent of the successful exploits tracked by Panda.

In terms of individual attacks, the Bagle.RP worm infected more computers than any other attack, according to Panda's estimates, followed by the Puce.E and Bagle.SP worms.

"Trojans are responsible for most infections, but they do it with thousands of different variants. Worms, however, operate in a different way, with perhaps one example being responsible for tens of thousands of infections. That's why in terms of individual malicious code, worms are often the most prevalent," Corrons said.

In a nod to the notion that attacks tend to follow the money, banking Trojans were the most popular iteration of the threats in Q2, with the Sinowal, Banbra and Bancos bank Trojan families appearing more often than any others.

Other popular families of bank Trojans during Q2 were the Dumador, SpyForms, Bandiv, PowerGrabber and Bankpatch groups, Panda reported, while the Briz, Snatch and Nuklus families fell off compared to their Q1 activity.

The attacks remain popular because they still make their distributors plenty of stolen loot, Panda maintains.

"This type of malware is causing serious losses for users around the world, particularly considering the increased use of online banking services. In 2006, in the USA alone, there were already 44 million online bank users. This is a tremendous pool of potential victims for cyber-crooks. If criminals managed to steal just $100 dollars from 1 percent of them, we would be talking about a haul of $44 million. And this is a very conservative estimate. The reality could be much worse," Corrons said.

The PandaLabs report, found here, also analyzes spam trends, Web site infections and vulnerability severity over the last three months.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel