When I report on Identity Theft, Banker Trojans, Fake Antivirus Applications, Social Network malware attacks, Spam, and other forms of malware designed to compromise Internet users’ computers, I sometimes feel like the boy who ‘”cried wolf”, in that old familiar children’s story.
The truth is though, I’m now more convinced than ever, that I’m much more like the Dutch boy, in another old familiar children’s story, who stuck his finger in the dike.
An exaggeration? Hardly – according to PandaLabs Annual Malware Report released today, the company identified 25 million new malware strains in 2009, with Banker Trojans and fake antivirus programs topping the list – more malware than it detected in the previous 19 years combined. With apologies to Winston Churchill – “Some finger – some dike!”
The following report provided by PandaLabs, the anti-malware laboratory of Panda Security, reviews the major incidents, and events, concerning IT security in 2009, and includes what we should expect to face in 2010.
PandaLabs 2009 Annual Report:
The outstanding trend of the last 12 months has been the prolific production of new malware: 25 million new strains were created in just one year, compared to a combined total of 15 million throughout the rest of Panda Security’s 20-year history.
This latest surge of activity included countless new examples of banker Trojans, which represented approximately 66 percent of all new samples, as well as a host of fake antivirus programs, also known as rogueware. The report also draws attention to the resurgence of traditional viruses previously on the verge of extinction, such as Conficker, Sality and the veteran Virutas.
During 2009, spam was also highly active: approximately 92 percent of all e-mail traffic was identified as spam. The tricks used to dupe potential victims into opening these e-mails have focused heavily on exploiting current affairs and dramatic news stories – a tactic which also applied to search engine optimization (SEO) attacks. As such, PandaLabs saw waves of junk mail related to celebrity scandals or deaths (real or fictitious), swine flu, compromising videos of politicians, etc.
This year PandaLabs also tracked how spam impacted different industrial sectors, revealing that the automotive and consumer electronics industries were the worst affected, followed by government agencies.
In terms of malware distribution channels, social networks, mainly including Facebook, Twitter, YouTube and Digg, as well as SEO attacks that directed users to malware-laden Web sites, were favored by cybercriminals last year. Cybercriminals continued to consolidate underground business models that exploited social engineering techniques to generate revenues.
The Annual Malware Report also examines how individual countries and regions have been affected throughout the year, based on the data gathered from computers scanned and disinfected free of charge with Panda ActiveScan.
Taiwan tops the rankings, followed by Russia, Poland, Turkey, Colombia, Argentina and Spain. Countries suffering fewest infections include Portugal and Sweden. A graphic representation of malware infection rates by country can be found here.
Last year also saw a rise in the number of cyber attacks with political motives or targets, suggesting that what people have been watching in espionage and sci-fi movies for years is now becoming a reality.
In conclusion, PandaLabs predicts that the amount of malware in circulation will continue to grow during 2010. Windows 7 will attract the interest of hackers when it comes to designing new malware, and attacks on Apple computers will increase. While the industry will also witness more politically motivated attacks, PandaLabs believes that 2010 will not be the year of the cell phone virus.
To read the full PandaLabs Annual Report report in PDF format, click here.
More information about malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.
If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Pingback: Tweets that mention PandaLabs – 2009 Sets New Record for Malware « Bill Mullins’ Weblog – Tech Thoughts -- Topsy.com
Pingback: » PandaLabs – 2009 Sets New Record for Malware « Bill Mullins … RWPS
I suspect 2010 will be even worse.
Hey Dave,
I absolutely agree.
Since we’re into predictions, let me offer you this prediction: you are going to have the busiest year you’ve ever had rebuilding/cleaning your clients computers following a malware infection. In the coming year, highly complex malware infections will prove to be impossible to remove, except by a highly skilled professional tech. Rest up while you can. LOL
Good to hear from you.
A belated Happy New Year.
Bill
I remember I used Panda antivirus a few years back – it picked up on and shifted some nasties that had been missed by another scanner.
I’m really not looking forward to seeing if your predictions come true… it’s enough to make me consider another career! haha
Hey Tony,
I think at the end of the year you will be definitely TIRED.
Bill
Wow, 25 million new malware strains in 2009? Yikes! The rate at which these trojans and rogueware are growing is astounding. Are you surprised that consumer electronics industries and government agencies were the most affected? I guess IT support companies will have their work cut out for them in the coming years!
Hey TuneUp,
There are times I wish I could speak frankly concerning the poor security habits of some of the government agencies I’m aware of, but….
I believe 2010 will prove to be the year when we will see seismic quality malware attacks on the Internet. Attacks that will shake consumer confidence. I hope I’m wrong, but all the signposts that I’m looking at, are indicative of this.
A belated happy New Year to you.
Bill
Pingback: 2009 – Year Of The Panda? Nope, It Was Year Of The Malware
Hi Bill
Do you think the instances of fake antivirus programs has now peaked or do you believe they will continue to grow in 2010?
Hi Lee,
As you know, criminals, by and large, are lazy. Put that “truth” together with the idea that we, as a species, always go after the lowest hanging fruit, and we can expect (in my view), an increase in risk exposure to rogue applications. Unaware, under educated, and careless users, form a natural market (the lowest hanging fruit), for cybercriminals, and in a real sense, this “market”, continues to grow. The bad guys will increase their offerings, to capture more of this market.
Thank you for visiting, and for the link.
Bill
I couldn’t agree more with your comments about careless users and, in my opinion, they are the worst.
If people just took the time and applied commonsense then the majority of threats would become null and void overnight.
That said, I’m not sure I agree that criminals are quite so lazy. Sure, you have the advanced fee scammers recycling the same old junk all the time but the malware authors are becoming increasingly sophisticated.
I could be wrong but I think 2010 will see more advanced tactics employed whilst the more common threats will diminish in frequency, mainly due to the fact that cyber criminals are increasingly connected to organised gangs and even, perhaps, governments.
Lee