66% of new trojans are designed to steal money

Sixty-six percent of the new Trojans that emerged in the first quarter of 2007 were designed for financial gain. “Trojans help their authors make a financial profit in many different ways:  from stealing bank passwords to modifying the server’s DNS to redirect users to spoofed websites. In fact, Trojans are currently the most widely used malware, due to their flexibility to carry out these types of crimes,” explains Luis Corrons, Technical Director of PandaLabs.

The new Trojans detected by PandaLabs in the first quarter belonged to almost 700 different families, and represented seventy-four percent of the new malware detected during this period. The most frequently detected Trojan family was the downloader family, representing forty two percent of the total.

The functioning of botnets and their evolution is another issue dealt with in this quarterly report. Botnets are networks of computer infected by malware (mainly worms and Trojans), with bot functionalities. This means that they can operate autonomously and at the same time, receive instructions from the hacker. It is how these instructions are received that is changing.
“It is true that the majority of bots still communicate with their creators via IRC channels -the source code of some IRC bot families has been circulating in the Internet for years-. However, we are also seeing how this trend is changing rapidly towards HTTP-based bots, as this communication is more effective in any environment, both corporate and domestic,” adds Luis Corrons.

PandaLabs’ quarterly report also includes an interesting article about crimeware or cyber-crime, which includes data about the path malware is following today. The main conclusion of this article is that cyber-criminals want, above all, to earn financial profit from their activities. It also emphasizes the importance that blended attacks (those that combine one or more variants of malware) are gaining.

An example of a blended threat is one of the latest attacks carried out by the Spamta worm. PandaLabs’ report includes the latest variants of this worm that have emerged, and of SpamtaLoad, the Trojan that downloads it to computers.
Finally, the report describes the first security holes to appear in the new Windows Vista operating system. Although Microsoft claims that Windows Vista is the “most secure” operating system yet, security flaws are being detected, and some reports even mention that hackers are selling zero-day exploits worth 50,000 dollars,” says Luis Corrons. Â

Share this