Trojans, Tweets Lead Malware Surge

By Matthew Hines  |  Posted 2009-07-09

Trojan threats may be well over a decade old, but they obviously still work, as the attacks still account for the lion's share of newly discovered malware programs.

At the same time, attackers continue to utilize popular new web services such as Twitter to deliver their latest attacks.

According to a second-quarter threat analysis published by PandaLabs, over 70 percent of all attacks tracked for the first time between April and June 2009 were somehow classified as Trojans.

Trojans have now topped the charts for years on end, with attackers seemingly never running out of new ways to disguise their code or hide it within the contents of other programs. Increasing use of Web applications has only accelerated the problem tremendously.

And just as spammers appear content to keep recycling the same usage patterns, and some botnets are being tactically deployed only for major holidays, malware authors and distributors seem perfectly happy to hammer away on the same Trojan models for all they're worth despite how familiar the M.O. is to security experts.

Because if it ain't broke...

PandaLabs said that Trojans also accounted for the majority of new infections during Q2 2009, representing almost 35 percent of all system compromises tracked by the company over the three-month period.

Overall, only 7 percent of all new malware samples consisted of spyware programs, with adware representing just under 16.5 percent of all campaigns -- a significant gain over previous quarters, driven by fake AV attacks. Adware accounted for almost 20 percent of all new infections.

Worm attacks rose slightly to almost 4.5 percent of all new threats observed by PandaLabs experts.

The company said that the most widespread Trojans between April and June 2009 were Downloader.MDW, followed by the Rebooter.J Trojan.

PandaLabs also noted the continued use of social networking tools, notably Twitter, as an increasingly popular means of delivery for attacks.

During Q2 Twitter saw an XSS worm, attacks using its trending topics feature to attract victims, and a number of other campaigns that used popular news items to spread malware over the online service.

For instance, when actor David Carradine died there were hundreds of malicious URL tweets posted related to the news within only hours of its initial announcement.

YouTube also remains a popular site for distribution of poisoned URLs.

PandaLabs said that overall its Collective Intelligence network is currently processing an average of 50,000 new programs per day, with some 35,000 representing malware threats.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |
