Use of worms to steal confidential data increasing in 2008

This year has begun with alarming data: in addition to Trojans, the use of worms to steal users’ confidential data is also on the increase. According to data collected by the Panda ActiveScan online anti-malware solution, while Trojans caused 24.41 percent of infections, worms accounted for 15.01 percent. This data contrasts with the 2007 data, in which attacks caused by worms were responsible for less than 10 percent of infections.

According to PandaLabs, the malware analysis and detection laboratory at Panda Security, this is due to the increasing activity of Nuwar-type worms, also known as Storm Worms. Computer worms can spread rapidly on their own. However, unlike those that caused epidemics massively covered by the media, they do not seek to collapse data traffic or damage computers. Instead, their objective is to steal confidential data for online fraud or identity-theft crimes.

To do so, these worms usually arrive in messages that use social engineering techniques which refer to current affairs. They also include links redirected to pages that have been modified to automatically install other malware which steals the data, or to spoof pages similar to those used for phishing attacks.

Although we suspected this would occur, we didn’t think cyber-crooks would focus on these types of worms so soon. It is a very dangerous threat, since even though its effects are more visible than Trojans’ and they can be neutralized more easily, these worms can carry out indiscriminate “storm’ attacks to collect large amounts of confidential data very quickly. For further efficiency, hackers are putting numerous samples of these worms in circulation in very little time, so the probability of being infected is higher.

Other types of malware that caused damage in January included; adware (21.21%), backdoor Trojans (4.03%), spyware (3.13%) and bots (2.65%).

The most active malware in January was the Downloader.MDW Trojan, designed to download other malicious codes onto the system. Bagle.HX and Perlovga.A come second and third. Next come the Puce.E worm, the Spammer.ADX Trojan and the Brontok.H email worm. The last four in the table are the QV variant of the Bagle worm, the Downloader.RWJ Trojan, the VideoAddon adware and the Lineage.GYE worm, whose objective is to steal passwords of the Lineage online game.

Don't miss