Worms infest PCs

Johannesburg, 07 Feb 2008

Panda Security SA CE Jeremy Matthews says last month saw a drastic increase in the use of worms to steal confidential company data.

Matthews says Panda Security's malware analysis and detection laboratory attributes the 50% increase in the use of worms to cyber criminals keen to commit online fraud or identity theft. He adds that the worm-de-jour is storm worms.

"Although we suspected this would occur, we didn't think cyber-crooks would focus on these types of worms so soon," says Matthews.

"While Trojans caused 24.41% of infections, worms accounted for 15.01%. This data contrasts with the 2007 stats, in which attacks caused by worms were responsible for less than 10% of infections."

Matthews adds: "It is a very dangerous threat, since even though its effects are more visible than Trojans and they can be neutralised more easily, these worms can carry out indiscriminate 'storm' attacks to collect large amounts of confidential data very quickly.

"For further efficiency, hackers are putting numerous samples of these worms in circulation in very little time, so the probability of being infected is higher."

Worms usually arrive in messages that use social engineering techniques that refer to current affairs. They also include links redirected to pages that have been modified to automatically install other malware, which steals the data, or to spoof pages similar to those used for phishing attacks.

Other types of malware that caused damage in January included adware (21.21%), backdoor Trojans (4.03%), spyware (3.13%) and bots (2.65%).

The most active malicious code in January was the Downloader.MDW Trojan, designed to download other malicious codes onto the system. Bagle.HX and Perlovga.A come second and third.

The Puce.E worm came fourth, followed by the Spammer.ADX Trojan and the Brontok.H e-mail worm. The last four on the list are the QV variant of the Bagle worm, the Downloader.RWJ Trojan, the VideoAddon adware and the Lineage.GYE worm.