– The malware distribution techniques in the spotlight this quarter include clickjacking, BlackHat SEO and 0-day attacks
– 95% of all email in circulation was spam, and 55% of global spam originated from just 10 countries
– Android smart phones are being targeted by hackers, thanks to their widespread popularity
– You can download the full PandaLabs quarterly report from White Papers
PandaLabs, Panda Security’s anti-malware laboratory, has published its quarterly report on global virus activity. This third quarter has once again seen Trojans in the spotlight, as 55% of all new threats created were in this category.
Infection via email, traditionally the most popular vector for spreading malware, has declined in favor of more modern methods: use of social media, such as the clickjacking attacks using the Facebook “Like” button, fake Web pages positioned on search engines (BlackHat SEO) and exploits of 0-day vulnerabilities.
In addition, Google’s Android operating system for smart phones has come into the line of fire. Various threats have appeared recently, aimed above all at racking up phone bills or targeting the geolocation function of the handsets.
Malware info
There were few surprises with respect to the amount of malware: 55% of new threats created this quarter were Trojans, most of them banker Trojans. This is in line with the general increase in these types of threats that we have witnessed over the last two years.
In the ranking of countries and regions suffering most infections, Taiwan heads the list followed by Russia, Brazil, Argentina, Poland and Spain.
With respect to spam, 95% of all email circulating across the Internet during the last quarter was junk mail. Some 50% of all spam was sent from just ten countries, with India, Brazil and Russia at the top of the list. For the first time, the United Kingdom has disappeared from the Top 10 list of spammers.
Record level of new infection techniques
This edition of the report highlights the record levels of threat distribution through new channels. Using a method known as clickjacking, hackers hijacked the Facebook ‘Like’ button to take users to other websites; fake Web pages have been positioned in search engine results using BlackHat SEO techniques, and 0-day vulnerabilities have frequently been exploited.
An eventful quarter
This last quarter has thrown up numerous security incidents. We have witnessed an attempt to trigger a major epidemic, like those in the past caused by ILoveYou or Sircam, with the “Here you Have” worm, which has had a significant impact. Responsibility for the worm has been claimed by an Iraqi resistance group.
There has also been much talk of two serious 0-day flaws in the code of Microsoft’s operating system. One of these could have been exploited to attack SCADA systems (specifically, nuclear power stations), although this rumor is yet to be confirmed.
Another major story relating to IT security, good news in this instance, has been the arrest of the creator of the Butterfly botnet kit, source of the notorious Mariposa network that impacted 13 million computers around the world.
And finally, the latest and hopefully last scare of this third quarter: a worm called ‘Rainbow’ or ‘OnMouseOver’. A vulnerability in the code of Twitter allowed JavaScript to be injected, enabling a series of actions: redirecting users to Web pages, publishing JavaScript on the user’s timeline without their permission or knowledge, etc. Twitter, however, resolved the problem in just a few hours.
Android: in the firing line of hackers
Over these three months we have also witnessed what could be the beginning of a wave of threats targeting smart phones, as it seems that hackers have started lining up Android, Google’s popular operating system. Two applications have been developed specifically for this platform: FakePlayer, which, under the guise of a video player, sends SMS messages generating a hefty phone bill for victims without their knowledge; and TapSnake, an app disguised as a game which sends the geolocation coordinates of the user to an espionage company.
We are also beginning to see legitimate Android apps compressed with self-extracting files, designed to infect when the application is extracted. In other words, Android apps are being used as bait to infect computers with self-extracting files.
You can download the PandaLabs quarterly report from White Papers.
More information is available in the PandaLabs Blog.