Internet? A very dangerous place
Trend Micro security enterprise has ranked the attack vectors exploited by the 100 most widespread malware from January to November 2008, and the results speak by themselves: among all the possible infection ways Internet is absolutely the most used (or better still abused) one by worms, trojans and other types of digital pathogenetic agents constantly hunting for victims and unprotected systems to compromise.
According to the picture drawn by Trend Micro, the infections gotten by surfing on malicious or unknown websites and through the links contained in the junk-mails represent 53% of the whole sample taken into account. On second place, with 43% of the cases, there is the download executed by some malware already present on the system, a more and more widespread condition in which the infections contain several components obtained on-line at the earliest opportunity.
The third place is for the e-mails containing malicious attachments (12%), followed by the removable drives like USB memory sticks, floppy disks and so on (10%) and then by all the other types of vector. A certain amount of the 100 malware taken into consideration has been counted multiple times during the analysis, because of the “inherent flexibility” of the Internet as used by cyber-criminals: the same trojan “may be hosted on a malicious website“, Macky Cruz writes on the Trend Micro blog, and it can compromise the system through a link within a spam mail too or perhaps can be downloaded directly by a user in search for some nasty software like the crack for the current videogaming hit.
Insofar as the general situation is the one depicted in the illustration, Trend Micro also indicates the specific distinctions for any macro-area of the planet: in North America the most widespread threat is represented by adware and data-stealing malware coming from the Internet, in Asia and Australia the amount of infections caused by removable drives counts up to 15% of the total with the resulting increased presence of autorun malware, diluted however by the high number of on-line gaming spyware and traditional file viruses spreading in China.
Autorun malware is on the rise within the EMEA area (Europe, Middle East and Africa) too with 22.41% of the total infections, but in this case they must share the cake with a good number of trojan downloader outbreaks (51.72%) and web infections based on malicious IFrame components (10.34%). In Latin America, in the end, the multi-component infections dominate with an absolute prevalence of the malware downloaded by other malicious software already present on the system (72.88%) and of the ones downloaded from the Internet anyhow (67.80%).
In conclusion, Cruz writes that the Trend Micro analysis is not and cannot be an all-inclusive picture of all the malware samples circulating nowadays but only a pretty meaningful representation of the likings on the attack vectors by the most skilled and productive malware writers. The fact that Internet has become a rather dangerous place, the Trend Micro editor writes, is “a sad confirmation that despite all awareness campaigns for safe computing, users still tend to victimize themselves out of curiosity“.
Trend Micro doesn’t seem however to take into due consideration the dizzying rise in the use of flaws within network software or the Windows OS, a situation in which even the most secure and updated PC couldn’t be enough to stop the proliferation of worms and trojans. A few days ago Microsoft warned for a flaw in the application WordPad Text Converter available in any Windows version, a flaw that is currently exploited by “in the wild” attacks. Or there is the report from the SANS Institute about a working 0-day exploit for Internet Explorer, not to say of course about the infamous Conficker.A worm (also known as Downadup), which according to the experts in these weeks have built a massive botnet mounting on the as much infamous MS08-067 flaw closed in October with an emergency fix by Microsoft.
In such a scenario it’s of no surprise that the American computer scientists are asking for classifying botnets as electronic weapons of mass destruction, and the F-Secure CRO Mikko Hyppönen renew his call to the authorities to build the foundations of an Internetpol. “The bottom line today is that too few of the perpetrators get punished” Hyppönen says, and the result is that “we’re sending the wrong message to criminals: here is a way to make lots of money and you will never be caught or punished“.
- The 5 all-time worst malware according to Trend Micro
- New tricks for file viruses
- Klaatu, barada, nikto, Conficker!
- Conficker worm asks for instructions and gets an update
- Conficker, it’s open war between the industry and malware writers
- Conficker, the perfect storm worm
- 22,000 new malware samples per day, a network worm breakout and the sandbox-enabled antivirus
- New Gpcode version detected. Ransomware strikes again
- Mikko Hypponen calls upon the foundation of the Internetpol
- Internet & Windows Vista: it’s the age of the Great Flaws