F-Secure Reports Amount of Malware Grew by 100% during 2007
As much malware produced in 2007 as in the previous 20 years altogether
Helsinki, - In its 2007 data security summary, F-Secure reports a steep increase in the amount of new malware detected during 2007. In fact, the number of cumulative malware detections doubled during the year, reaching half a million. This indicates that network criminals are producing new malware variants in bulk.
"We've never seen as many samples arrive at our labs", says Mikko Hypponen, Chief Research Officer at F-Secure Corporation. "We would be unable to handle such huge sample loads if we had not built a high degree of automation into our malware analysis systems over the past years", he continues.
While no truly new malware technologies were seen, the existing ones were refined and adapted for much greater effectiveness. Social engineering remains a key method for propagating malware, and criminals increasingly use more productive malware development tools and kits.
One example of a refined technology was the "Storm Worm" botnet. The successful social engineering methods the Storm gang used during the first half of 2007 were further developed in the second half of the year. The technical setup of the Storm botnet is also unique: in addition to using a novel peer-to-peer setup to avoid one vulnerable central point of control, the botnet is capable of using DDoS attacks to retaliate against anti-virus researchers investigating it. Such aggressive behavior makes it necessary for researchers to use caution in their work, especially as the potential computing power of the Storm botnet is quite significant.
Understandably, financial transactions remain a favorite target for network crime. The number of phishing sites continues to increase, but as bank customers have become more aware of this threat, the criminals have started employing more sophisticated techniques. One example is banking trojans that use methods such as injecting themselves directly into the browser application (Man-in-the-Browser attacks).
Other growing data security phenomena during 2007 included parasitic behavior, like the Zlob DNSChanger, and increasing security exploit activity for Apple products, including Macs, iTunes and the iPhone. The vulnerability of large databases containing personal data has also become an issue, with several major leaks reported during the year including tens of millions of, for example, credit card numbers or bank account details. Such leaks enable so-called "spear phishing" attacks with very well targeted information. The increased popularity of social networking services carries similar risks.
On the mobile security front, Symbian S60, as the most popular smartphone platform, has done a good job of curbing malware with its 3rd edition software. Nevertheless, we continue to see spy-tools for the Symbian S60 3rd edition platform. Despite the fairly tightly controlled Symbian signing process for applications, spy-tools are able to get through the process by being submitted as, for example, "back-up" software. The increasing popularity of "unlocking" the security controls of both iPhone and Symbian phones is also introducing increased risks for the unlocked phones.
The full 2007 Data Security Wrap-Up is available at http://www.f-secure.com/2007/2/
F-Secure predicts the increase in malware volume will continue in 2008. The criminals are successfully creating a network-based underground ecosystem, trading malware development tools, skills, capabilities and resources ever more effectively. At the same time, the reach of law enforcement agencies remains limited in the global network domain. 2008 will be a challenge of endurance.
About F-Secure Corporation
F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. F-Secure’s award-winning solutions are available as a service subscription through more than 150 Internet service providers and mobile operator partners around the world, making F-Secure the global leader in this market. The solutions are also available as licensed products through thousands of resellers globally. F-Secure has received the Frost & Sullivan 2007 award for Distribution Strategy Leadership. The company aspires to be the most reliable security provider, helping make computer and smartphone users’ networked lives safe and easy. This is substantiated by the company’s independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the OMX Nordic Exchange Helsinki since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry. The latest news on real-time virus threat scenarios is available at the F-Secure Data Security Lab weblog at http://www.f-secure.com/weblog/.