Trend Micro Global Threat Report:Europe Dominates in Spam Growth,While North America Leads in Malicious URLs
During the first half of 2010, Europe sped through the spam-generating fast-lane, bypassing North and South Americas, and Asia-Pacific to earn the Top Producer of Spam title. Based on the Trend Micro first half of 2010 threat report, available in full here, spam continued to grow between January and June 2010, with a brief lull during April. Despite common perception, porn consists of only 4 percent of all spam. Commercial, scams-based and health/medical categories make up 65 percent of the spam generated throughout the world, with HTML spam being the most commonly used technique by spammers.
First half of 2010: Web-based threat trends
According to the report, malicious URLs increased from 1.5 billion in January to over 3.5 billion in June. North America sourced the most malicious URLs, while Asia-Pacific had the most victims of malware infections. The top URLs blocked by Trend Micro were adult websites, as well as sites that hosted malicious variants such as IFRAME code, TROJ_AGENT, and JS_DLOADR.ATF.
First half of 2010: File-based threat trends
TrendLabs, Trend Micros global network of threat researchers, now handles around 250,000 samples each day. Recent estimates though place the number of unique new malware samples introduced in a single day at greater than 60,000.
Trojans account for about 60 percent of new signatures, or antidotes, created by TrendLabs, and 53 percent of overall detections as of June. Backdoors and Trojan-spyware, often defined as crimeware or data-stealing malware, come in second and third places, respectively. The majority of Trojans lead to data-stealing malware.
India and Brazil distinguished themselves by having the most botted computers, tools of choice by cybercriminals building botnets for distributing malware, perpetrating attacks and sending spam. Botnet herders the cybercriminals behind the botnets -- earn millions of dollars in money stolen from innocent computer users.
First half of 2010: Industry trends
When it comes to malware infections by industry sector, education took the lead during the first half of 2010 nearly 50 percent of all malware infections occurred within schools and universities where IT and security staffers face the challenge of securing a complex, distributed and diverse infrastructure supporting countless students not likely to follow security measures. The government and technology sectors follow next, each grabbing 10 percent of all malware infections.
First half of 2010: Notorious bad actors
According to the report, ZeuS and KOOBFACE made the most impact during the first half of 2010. ZeuS, crafted by an Eastern European organized crime network, is primarily a crimeware kit designed to steal users online banking login credentials and other personal data. Small businesses and their banks are targeted by the thieves. Hundreds of new ZeuS variants are seen by Trend Micro every day, and this is not likely to change in the near future.
The KOOBFACE botnet achieved infamy as the largest social networking threat to date. In the early part of this year, TrendLabs experts noted that the KOOBFACE gang was continuously updating their botnet: changing the botnets architecture, introducing new component binaries, and merging the botnets functions with other binaries. They also began encrypting their command and control (C&C) communications to avoid monitoring and takedown by security researchers and the authorities.
Cyber hit-and-runs: Drive-by vulnerabilities
Vulnerabilities in applications have always been a part of the security landscape. In the first half of 2010, Trend Micro threat researchers report a total of 2,552 Common Vulnerabilities and Exposures published, with many more that are privately reported to vendors and therefore not published externally.
For end users, vulnerabilities have facilitated drive-by threats, where all that is necessary to become infected by malware is to visit a compromised website. Servers are coming under attack as well, with cybercriminals exploiting un-patched vulnerabilities. While this may be more difficult than compromising a single user system, the potential reward for cybercriminals is greater.
Cloud-based protection from Trend Micro
The Trend Micro Smart Protection Network provides the infrastructure behind many Trend Micro products and delivers advanced protection from the cloud, blocking threats in real-time before they reach you. Currently, the Smart Protection Network sees 45 billion queries every 24 hours, while it blocks 5 billion threats and processes 2.5 terabytes of data on a daily basis. On average, 80 million users are connected to the network each day.
The Smart Protection Network uses patent-pending in-the-cloud correlation technology with behavior analysis to correlate combinations of web, email and file threat activities to determine if they are malicious. By correlating the different components of a threat and continuously updating its threat databases, Trend Micro has the distinct advantage of being able to respond in real time, providing immediate and automatic protection from email, file and web threats.
The full threat report, as well as comprehensive tips on how businesses and consumers can protect themselves, can be found on TrendWatch: http://us.trendmicro.com/us/trendwatch/research-and-analysis/threat-reports/index.html
Previous story:
RSS Feed
