PandaLabs, the malware research arm of Panda Security, issued its 2009 annual report Tuesday, outlining the continued rise of more sophisticated forms of malware, including banking Trojans targeting account credentials that have far outpaced known viruses in the wild.
The total number of individual malware samples in Panda's database hit the 40 million mark in 2009. Panda said its research laboratory receives about 55,000 daily samples. Panda researcher Sean-Paul Correll summed up 2009 by calling it the most productive year for malware writers. There were about 25 million new malware strains in 2009 compared to a combined total of 15 million in Panda Security's 20-year history, Correll said in a blog entry announcing the annual report.
Trojans represented 66% of malware -- a sign that automated tools have made creating new Trojan variants fairly easy for attackers. The black market tools are now being sold via subscription models and other formats, helping the less technically savvy person ride the cybercriminal wave.
The PandaLabs 2009 annual report highlights the growing availability of banking malware kits, which contain increasing functionality, enabling an attacker to control the Trojan and send new instructions. The kits are constantly being tweaked to keep up with bank security measures and create malware that can evade detection. For example, the SilentBanker.D Trojan, discovered in October, can intercept bank transfers and modify account details without the user detecting a problem. Correll said SilentBanker.D was cleverly coded to reside on a victim's computer and falsify online bank statements. The technique gives cybercriminals more time to drain bank accounts.
The websites also try to coax people into paying for fake antivirus to rid their system of non-existent malware. Panda said the most active rogueware in 2009 was a phony program called SystemSecurity, followed by TotalSecurity2009 and System Guard. Correll said the rogueware families use the most aggressive methods to get users to buy the software, including locking them out of files and folders.
The final malware categories documented by Panda include viruses at 6.6% of all malware, followed by spyware (5.70%) and worms (3.4%).
Globally, Taiwan, Russia and Poland share the distinction of having the most infections, while the honor of having the fewest infections goes to computer users in Sweden, Portugal and the Netherlands.
Smartphones remain relatively safe from malware in 2010
In its predictions for 2010, Panda said cell phones will not be a major target of malware. The PC, including Web applications and Web browser plug-ins, remains the attack vector of choice of malware writers.
"The PC is a homogenous platform, with 90% of the world's computers running Windows on Intel, meaning that any new Trojan, worm, etc., has a potential victim pool of 90% of the world's computers," PandaLabs said in its report. "The cell phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems."
Even third-party applications on smartphones remain relatively safe as many are not compatible from one cell phone OS to another. Apple, Google, Palm and BlackBerry also screen smartphone applications before making them available to users.
"If people begin to operate financial transactions from their cell phones, then maybe we could talk about a potential breeding ground for cybercrime," Correll said.
Other security experts, including Zulfikar Ramzan, technical director of Symantec Security Response, said the increasing popularity of smartphones, including Apple's iPhone and devices running Google's Android OS, will make them more lucrative targets over time.