Trend Micro today announced the latest trends from its semi-annual 2010 global threat report.
During the first half of 2010, Europe sped through the spam-generating fast-lane, bypassing North and South Americas, and Asia-Pacific, to earn the 'Top Producer of Spam' title.
Spam continued to grow between January and June 2010, with a brief lull during April. Despite common perception, porn consists of only 4% of all spam.
Commercial scams-based and health/medical categories make up 65% of the spam generated throughout the world, with HTML spam being the most commonly used technique by spammers.
First half of 2010: Web-based threat trends
According to the report, malicious URLs increased from 1.5 billion in January to over 3.5 billion in June. North America sourced the most malicious URLs, while Asia-Pacific had the most victims of malware infections. The top URLs blocked by Trend Micro were adult Web sites, as well as sites that hosted malicious variants such as IFRAME code, TROJ_AGENT, and JS_DLOADR.ATF.
First half of 2010: File-based threat trends
TrendLabs, Trend Micro's global network of threat researchers, now handles around 250 000 samples each day. Recent estimates though place the number of unique new malware samples introduced in a single day at greater than 60 000.
Trojans account for about 60% of new signatures, or antidotes, created by TrendLabs, and 53% of overall detections, as of June. Backdoors and Trojan-spyware, often defined as crimeware or data-stealing malware, come in second and third places, respectively. The majority of Trojans lead to data-stealing malware.
India and Brazil distinguished themselves by having the most botted computers, tools of choice by cyber-criminals building botnets for distributing malware, perpetrating attacks and sending spam. Botnet herders - the cyber-criminals behind the botnets - earn millions of dollars in money stolen from innocent computer users.
First half of 2010: industry trends
When it comes to malware infections by industry sector, education took the lead during the first half of 2010 - nearly 50% of all malware infections occurred within schools and universities where IT and security staffers face the challenge of securing a complex, distributed and diverse infrastructure supporting countless students not likely to follow Internet security measures. The government and technology sectors follow next, each grabbing 10% of all malware infections.
First half of 2010: notorious "bad actors"
According to the report, ZeuS and KOOBFACE made the most impact during the first half of 2010. ZeuS, crafted by an Eastern European organised crime network, is primarily a crimeware kit designed to steal users' online banking login credentials and other personal data. Small businesses and their banks are targeted by the thieves. Hundreds of new ZeuS variants are seen by Trend Micro every day, and this is not likely to change in the near future.
The KOOBFACE botnet achieved infamy as the largest social networking threat to date. In the early part of this year, TrendLabs experts noted that the KOOBFACE gang was continuously updating their botnet: changing the botnet's architecture, introducing new component binaries, and merging the botnet's functions with other binaries. They also began encrypting their command and control (C&C) communications to avoid monitoring and takedown by security researchers and the authorities.
Cyber hit-and-runs: "drive-by" vulnerabilities
Vulnerabilities in applications have always been a part of the security landscape. In the first half of 2010, Trend Micro threat researchers report a total of 2 552 common vulnerabilities and exposures published, with many more that are privately reported to vendors and therefore not published externally.
For end-users, vulnerabilities have facilitated "drive-by" threats, where all that is necessary to become infected by malware is to visit a compromised Web site.
Servers are coming under attack as well, with cyber-criminals exploiting un-patched vulnerabilities. While this may be more difficult than compromising a single user system, the potential reward for cyber-criminals is greater.
Cloud-based protection from Trend Micro
The Trend Micro Smart Protection Network provides cloud computing security infrastructure behind many Trend Micro products and delivers advanced cloud security, blocking threats in real-time before they reach you. Currently, the Smart Protection Network sees 45 billion queries every 24 hours, while it blocks 5 billion threats and processes 2.5 terabytes of data on a daily basis. On average, 80 million users are connected to the network each day.
The Smart Protection Network uses patent-pending "in-the-cloud correlation technology" with behaviour analysis to correlate combinations of Web, e-mail and file threat activities to determine if they are malicious. By correlating the different components of a threat and continuously updating its threat databases, Trend Micro has the distinct advantage of being able to respond in real-time, providing immediate and automatic protection from e-mail, file and Web threats.
For further information, please contact Lee Bristow at tel. +27 11 790 2500; fax +27 11 790 2599; e-mail leeb@securedata.co.za.
Share
Trend Micro
Trend Micro, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the latest Web threats. Trend Micro's flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these solutions are powered by the Trend Micro Smart Protection Network, a next-generation cloud-client content security infrastructure designed to protect customers from Web threats.
SecureData
SecureData is a specialist, value-added distributor of perimeter, application, network, endpoint, storage and identity information security solutions and risk management solutions for the African sub-continent and Indian Ocean islands. A cross-section of the available solutions from SecureData illustrates wide coverage of the following information security and risk management domains: business continuity, security appliances and devices, hardware authentication, identity and access management, security and vulnerability management, secure content management, threat management and security services.
SecureData's information security and risk management solutions include best-of-breed solutions, devices and appliances for the perimeter, data centres, applications, network, endpoints, messaging and Web. In addition, as a value-add to vendor, channel and customer, SecureData also provides a full complement of support, pre-sales and professional services around the solutions positioned in each discrete security vertical.
For more information, visit SecureData at http://www.securedata.co.za.
Editorial contacts