The U.S. leads in malicious URLs
During the first half of 2010, Europe sped through the spam-generating fast-lane, bypassing North and South Americas, and Asia-Pacific to earn the “Top Producer of Spam” title.
Based on a Trend Micro threat report, spam continued to grow between January and June 2010, with a brief lull during April. Despite common perception, porn consists of only 4 percent of all spam. Commercial, scams-based and health/medical categories make up 65 percent of the spam generated throughout the world, with HTML spam being the most commonly used technique by spammers.
Malicious URLs increased from 1.5 billion in January to over 3.5 billion in June. North America sourced the most malicious URLs, while Asia-Pacific had the most victims of malware infections. The top URLs blocked by Trend Micro were adult websites, as well as sites that hosted malicious variants such as IFRAME code, TROJ_AGENT, and JS_DLOADR.ATF.
TrendLabs now handles around 250,000 samples each day. Recent estimates though place the number of unique new malware samples introduced in a single day at greater than 60,000.
Trojans account for about 60 percent of new signatures, or antidotes, created by TrendLabs, and 53 percent of overall detections as of June. Backdoors and Trojan-spyware, often defined as crimeware or data-stealing malware, come in second and third places, respectively. The majority of Trojans lead to data-stealing malware.
India and Brazil distinguished themselves by having the most botted computers, tools of choice by cybercriminals building botnets for distributing malware, perpetrating attacks and sending spam. Botnet herders – the cybercriminals behind the botnets — earn millions of dollars in money stolen from innocent computer users.
When it comes to malware infections by industry sector, education took the lead during the first half of 2010 – nearly 50 percent of all malware infections occurred within schools and universities where IT and security staffers face the challenge of securing a complex, distributed and diverse infrastructure supporting countless students not likely to follow Internet security measures. The government and technology sectors follow next, each grabbing 10 percent of all malware infections.
ZeuS and KOOBFACE made the most impact during the first half of 2010. ZeuS, crafted by an Eastern European organized crime network, is primarily a crimeware kit designed to steal users’ online banking login credentials and other personal data. Small businesses and their banks are targeted by the thieves. Hundreds of new ZeuS variants are seen by Trend Micro every day, and this is not likely to change in the near future.
The KOOBFACE botnet achieved infamy as the largest social networking threat to date. In the early part of this year, TrendLabs experts noted that the KOOBFACE gang was continuously updating their botnet: changing the botnet’s architecture, introducing new component binaries, and merging the botnet’s functions with other binaries. They also began encrypting their command and control (C&C) communications to avoid monitoring and takedown by security researchers and the authorities.
Vulnerabilities in applications have always been a part of the security landscape. In the first half of 2010, Trend Micro threat researchers report a total of 2,552 Common Vulnerabilities and Exposures published, with many more that are privately reported to vendors and therefore not published externally.
For end users, vulnerabilities have facilitated “drive-by” threats, where all that is necessary to become infected by malware is to visit a compromised website. Servers are coming under attack as well, with cybercriminals exploiting un-patched vulnerabilities. While this may be more difficult than compromising a single user system, the potential reward for cybercriminals is greater.