Photo: Blue Square Data
Trends, myths and reality
As our labs revealed record numbers for malware creation, and cyber criminals triumphed in their most profitable year to date, 2009 proved to be a defining year for computer crime
The statistics revealed that cybercriminals have upped the ante and are becoming more sophisticated and creative, distributing more aggressive forms of malware, observed through an explosion in new examples of Banker Trojans and a mass of Adware (rogueware). Here, we will look at the malware trends from last year; the bad news and the good, and the steps that can be taken to manage potential threats. Are we fighting a losing battle and what can be done to protect against malware?
Our statistics show that Trojans and rogueware ('fake' antivirus programs) amounted to almost 85 per cent of all malware activity in 2009. Viruses have also gained ground, where previously the numbers were dwindling. This is in part due to cybercriminals' endeavours to manipulate security companies by creating viruses to redirect them away from malware research, and to allow them the time to release further malware designed to steal information. Consequently, this resulted in additional investment in anti-malware laboratories.
2009 was also the year of Conficker, though this belies the fact that worms ranked at just 3.42 per cent of last year's malware creation. The Conficker worm has caused serious problems in both domestic and corporate environments, with more than 7 million computers infected worldwide, and it is still spreading rapidly.
The complexity and volume of attacks is set to continue in 2010, and evidence suggests that dangers ahead will increase, with malware spreading to systems such as Windows 7, Mac and the cloud. It's not all bad news however; despite reports, we believe that 2010 will not be the year for widespread malware across mobile phones. The mobile phone environment is much more diverse than PC systems, as they utilise different hardware and operating systems, making mobiles a difficult target compared with PC platforms such as Windows and Intel.
As more services are delivered from the cloud and will continue to be so throughout 2010, cyber criminals are constantly creating new malware strains. The silver lining however, is that organisations such as Panda Security are also now harnessing the power of the 'cloud' which utilises 'collective intelligence' technology, automatically identifying and classifying new malware strains in almost real-time.
Despite the enormity of attacks over 2009, in reality, the majority of malware cases could have been prevented through basic security processes. For example users should consult with a trusted security source when faced with threats they may be unsure of, and in doing so can often highlight potentially damaging threats. Antivirus companies can also offer advice, we recommend accessing sites through direct methods, rather than through indirect links, reinforcing to users the importance of maintaining their computers and installing up-to-date security software to prevent becoming part of the malware problem.
The war against cyber criminals is not a lost cause, as government and law enforcement authorities worldwide have made a concerted effort, including the extradition of a man to the United States, accused of stealing more than $10 million from different American banks. October saw 100 people arrested by US and Egyptian security forces in one of the biggest operations against cyber-crime to date, accused of stealing more than $1.5million through phishing scams. So whilst the dangers remain, with the combined efforts of the industry and authorities, the battle against cybercrime is far from lost.
Luis Corrons, Technical Director Panda Security
