A number of security companies have come out with their first quarter 2008 assessment of the badware on the internet.
F-Secure begins with a somewhat disturbing statement in their report: “While there are more viruses being created than ever before, people often actually report seeing less of them. One reason behind this illusion is that malware authors are once again changing their tactics in how to infect our computers.” Viruses are being effectively camouflaged and are acting through less obvious vectors.
F-Secure also notes, as we reported in our “Trends in Badware 2007” report last September, that malware makers have moved past emails and are targeting computers through drive-by-downloads, defined by the Antispyware Coalition as: “The automatic download of software to a user’s computer when she visits a Web site or views an html formatted email, without the user’s consent and often without any notice at all. Drive-by-downloads are typically performed by exploiting security holes or lowered security settings on a user’s computer.”
F-Secure aptly summarizes the risk as “instead of getting infected over SMTP, you get infected over HTTP.” These attacks exploit a weakness in a browser, browser plug-in, or operating system. Many techniques are used to expose users to malware, from infiltrating trusted sites to disguising links to malware sites through social engineering.
F-Secure also spotlights the reappearance of the MBR rootkit (MEBroot), a blast from the past, and takes a look into the future as mobile devices become targets for spam and worms distributed via SMS and Bluetooth. All told, F-Secure predicts that if current rates continue, the total number of known Trojans and viruses will exceed one million by the end of 2008.
Help Net Security, or MessageLabs, writes that 9.2% of malware intercepted in 2008 was new. They are also identifying approximately 595 new sites a day “harboring malware and other potentially unwanted programs such as spyware and adware.” On the spam front, MessageLabs reports: “The prolific Storm botnet is responsible for 20 percent of all spam in the first quarter of 2008, with messages selling male enlargement drugs accounting for 41 percent of its efforts.” Which raises a question for me: who shops for personal enhancement from randomly emailed ads?
Panda Security has a list of the most active viruses in the first quarter. Here are the first three of ten:
- Adware/Comet
- Adware/NaviPromo
- W32/Bagle.HX.worm
Researchers from Panda Labs agree that the increasing prevalence of Trojans makes detection more difficult for security companies, echoing Brian Krebs’ recent post. Krebs is correct to stress that “[a]nti-virus software is no substitute for common sense.”
Many of the developments in malicious technology are created specifically to obviate common sense. Perhaps caution when clicking emailed links and maintaining up-to-date software should be considered a first line of intentional self-preservation rather than common sense.
