Security report finds rise in banking Trojans, adware, fewer viruses

Panda Security's 2009 annual report finds banking Trojans and account credential stealers dominating the threat environment.

PandaLabs, the malware research arm of Panda Security, issued its 2009 annual report Tuesday, outlining the continued rise of more sophisticated forms of malware, including banking Trojans targeting account credentials that have far outpaced known viruses in the wild.

The total number of individual malware samples in Panda's database hit the 40 million mark in 2009. Panda said its research laboratory receives about 55,000 daily samples. Panda researcher Sean-Paul Correll summed up 2009 by calling it the most productive year for malware writers. There were about 25 million new malware strains in 2009 compared to a combined total of 15 million in Panda Security's 20-year history, Correll said in a blog entry announcing the annual report.

Trojans represented 66% of malware -- a sign that automated tools have made creating new Trojan variants fairly easy for attackers. The black market tools are now being sold via subscription models and other formats, helping the less technically savvy person ride the cybercriminal wave.

The PandaLabs 2009 annual report highlights the growing availability of banking malware kits, which contain increasing functionality, enabling an attacker to control the Trojan and send new instructions. The kits are constantly being tweaked to keep up with bank security measures and create malware that can evade detection. For example, the SilentBanker.D Trojan, discovered in October, can intercept bank transfers and modify account details without the user detecting a problem. Correll said SilentBanker.D was cleverly coded to reside on a victim's computer and falsify online bank statements. The technique gives cybercriminals more time to drain bank accounts.

Panda's adware category, which includes rogueware and fake antivirus programs, represented 17.6% of all malware. The rogueware brings in about $34 million per month worldwide, according to Panda. The phony antivirus programs easily trick users with security alerts designed to mirror Microsoft's Windows Security Center; the alerts are in fact JavaScript code running in the browser. Those behind the fake antivirus programs set up attack websites and use search engine optimization (SEO) techniques to ensure the sites get top billing in search engine results.

The websites also try to coax people into paying for fake antivirus to rid their system of non-existent malware. Panda said the most active rogueware in 2009 was a phony program called SystemSecurity, followed by TotalSecurity2009 and System Guard. Correll said the rogueware families use the most aggressive methods to get users to buy the software, including locking them out of files and folders.

The final malware categories documented by Panda include viruses at 6.6% of all malware, followed by spyware (5.70%) and worms (3.4%).

Globally, Taiwan, Russia and Poland share the distinction of having the most infections, while the honor of having the fewest infections goes to computer users in Sweden, Portugal and the Netherlands.

Smartphones remain relatively safe from malware in 2010
In its predictions for 2010, Panda said cell phones will not be a major target of malware. The PC, including Web applications and Web browser plug-ins, remains the attack vector of choice for malware writers.

"The PC is a homogenous platform, with 90% of the world's computers running Windows on Intel, meaning that any new Trojan, worm, etc., has a potential victim pool of 90% of the world's computers," PandaLabs said in its report. "The cell phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems."

Even third-party applications on smartphones remain relatively safe as many are not compatible from one cell phone OS to another. Apple, Google, Palm and BlackBerry also screen smartphone applications before making them available to users.

"If people begin to operate financial transactions from their cell phones, then maybe we could talk about a potential breeding ground for cybercrime," Correll said.

Other security experts, including Zulfikar Ramzan, technical director of Symantec Security Response, said the increasing popularity of smartphones, including Apple's iPhone and devices running Google's Android OS, will make them more lucrative targets over time.
