Malware trends in 2009

MessageLabs released their 2009 Annual Security Report, and here is what they have to say about the malware that plagued us in the passing year.

1 of every 286.4 emails carried a virus, which is a decided improvement on 2008, when there was one in every 143.8 emails. This drastic decline is due to a greater variety of malware – more variants – that is delivered in smaller numbers per strain than before. 15 percent of emails had a malicious link inside, rather than malware in the attachment.

The great majority of malware that we have seen recently aims to achieve one of three things (or a combination of them):

  • Fraud
  • Theft of personal information
  • Infection of the machine and harnessing it into a botnet.

It is rarer to see malware that has DDoS capabilities or that is set on corrupting or deleting files on the computer it infects.

Attacks can be targeted or semi-targeted. Key characteristics of targeted attacks:

  • Small volumes of email
  • Frequent targets are government and military organizations, media and energy companies, businesses that trade internationally
  • Attachments are usually .exe files disguised as .pdf files or files with extensions belonging to MS Office applications
  • Subject of the message is either business or news related, and has either a spoofed From field or is sent from a webmail account.
  • Attacks are prevalently directed at higher and medium ranking employees.
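The attachment disguise in the list above can be checked at the mail gateway by comparing what an attachment's name claims with what its content is. The following is an added example, not code from the report; the extension lists, the `MZ` header check, the double-extension heuristic and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Disguises named in the report: PDF and MS Office document extensions (list is an assumption).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
EXE_EXTS = {".exe", ".scr", ".com", ".pif"}

def suspicious_attachments(raw: bytes):
    """Return (filename, reason) for attachments whose name and content disagree."""
    findings = []
    msg = message_from_bytes(raw)
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # multipart containers and the body text have no filename
        data = part.get_payload(decode=True) or b""
        exts = ["." + e for e in name.lower().strip().split(".")[1:]]
        is_pe = data[:2] == b"MZ"  # DOS/PE executable header
        if exts and exts[-1] in DOC_EXTS and is_pe:
            findings.append((name, "document extension, executable content"))
        elif len(exts) >= 2 and exts[-1] in EXE_EXTS and exts[-2] in DOC_EXTS:
            findings.append((name, "double extension hides executable"))
    return findings

def build_sample() -> bytes:
    """Constructed sample message; attachment payloads are harmless stub bytes."""
    m = EmailMessage()
    m["From"] = "news@example.com"
    m["To"] = "director@example.org"
    m["Subject"] = "Quarterly briefing"
    m.set_content("See attached.")
    m.add_attachment(b"MZ\x90\x00stub", maintype="application",
                     subtype="pdf", filename="briefing.pdf")
    m.add_attachment(b"MZ\x90\x00stub", maintype="application",
                     subtype="octet-stream", filename="agenda.doc.exe")
    m.add_attachment(b"%PDF-1.4\n%stub", maintype="application",
                     subtype="pdf", filename="minutes.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in suspicious_attachments(build_sample()):
        print(f"{name}: {reason}")
```
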

Semi-targeted attacks are mostly directed at users of social networking sites such as Facebook, Twitter, MySpace, etc. They include injections of malicious scripts, rogue third party applications and social engineering.

This year was the year of the generic Trojan droppers: Conficker/Downadup and Bredolab, that – once installed – give the sender control over the targeted user’s computer and download other malware. The ZeuS/Zbot banking Trojan was also among the most sent.

Other malware attacks included rogue security products (scareware), disposable malware on malicious or compromised websites, drive-by and IM attacks.

MessageLabs predicts that in 2010:

  • Malware will become increasingly specialized
  • Antivirus solutions will not be enough to stop its onslaught
  • There will be more Instant Messaging attacks
  • Social engineering will become heavily used in the attacks
  • Rogue security products will become even more aggressive and disruptive
  • Fast flux botnets will increase
  • Users of social networks will be targeted even more.

To read the report in full and find out about other threats that marred the security landscape this past year, go here.
