10 million actively exposed to identity theft in 2008
PandaLabs announced the findings from a comprehensive identity theft study. Based on the analysis of 67 million computers during 2008, PandaLabs revealed that 1.1 percent of the worldwide population of Internet users have been actively exposed to identity theft malware.
Following are highlights on PandaLabs’ key findings on the evolution of online identity theft:
- 1.07 percent of all PCs scanned in 2008 were infected with active malware (resident in memory during the scan) related to identity theft, such as banker Trojans
- 35 percent of the infected PCs had up-to-date antivirus software installed
- The number of PCs infected with identify theft malware increased by 800 percent from the first half of 2008 to the second half
- Arizona, California and Florida continue to be the states with the highest per-capita incidence of reported identity theft
- PandaLabs predicts that the infection rate will increase by an additional 336 percent per month throughout 2009, based on the trend of the previous 14 months.
Active malware means malware that is loaded into the PC’s memory and actively running as a process. For example, users of PCs infected with this type of identity theft malware who utilize online services such as shopping, banking, and social networking, have had their identities stolen in some fashion. According to the Federal Trade Commission (FTC), the average time victims spend resolving identity theft issues is 30 hours per incident. The cumulative cost in hours alone from identity theft related malware based on Panda Security’s projected infection rate could reach 90 million hours.
The study revealed that an alarming 35 percent of the PCs infected with this type of malware were using up-to-date antivirus software. Antivirus labs are receiving a massive amount of new malware samples each day (30,000 new samples per day according to PandaLabs), and antivirus vendors are continually updating their services to keep up with the overwhelming volume of new malware surfacing each day.
AV detection labs such as PandaLabs have made advances in automated detection and classification capabilities. These new detection methods as well as improved surveillance and cloud-based detection techniques have reduced the risk of individual identity theft incidents and its associated costs. Some global banks, notably in Brazil, have made changes to banking authentications using electronic tokens and virtual keyboards, but these approaches have been slow to be adopted in the U.S.
Banker Trojans are malware specifically created to steal user account information from banks and their customers. Trojans have increased in sophistication and are now able to easily update and expand the list of banks they can attack via the Internet. The top families of banker Trojans that are the most prevalent in infiltrating users’ systems are:
Trj/Cimuz
Trj/Sinowal
Trj/Bankolimb
Trj/Torpig
Trj/Goldun
Trj/Dumador
Trj/Spyforms
Trj/Bandiv
Trj/SilentBanker
Trj/PowerGrabber
Trj/Bankpatch
Trj/Briz
Trj/Snatch
Trj/Nuklus
Trj/Banker
The most common origins of these banker Trojans are China and Russia, with Korea and Brazil also emerging as countries of origin for these threats.
Other general, non-banker Trojan, forms of identity theft malware steal usernames and passwords to chat, games or applications as well as personal information. The most common types of non-banker Trojan identity theft malware are:
Trj/Lineage
W32/Lineage.worm
Trj/Legmir
Trj/Wow
W32/Wow.worm
Trj/MSNPassword
Trj/PassStealer
Trj/QQPass