2008 was a good year for cyber-criminals, with more than 15-million different malware programs surfacing during the year.
During the year, an average of 35 000 malware samples were detected each day by Panda Security's malware research laboratory – and 22 000 of those were new, previously unseen, infections.
By the end of the year, the number of malware threats detected by the global security vendor exceeded 15-million, surpassing initial projections by more than 5-million.
This malware explosion resulted in Panda detecting more malware in the first eight months of 2008 than in the previous 17 years combined.
"Many computer users underestimate the threat that malicious software represents and provide little or no security measures for their computers," says Jeremy Matthews, head of Panda Security's sub-Saharan operations. "The reality is that malware has increased exponentially over the past few years and this false sense of security helps cyber-criminals to infect more and more computers without being discovered."
Trojans were the most common malware infections found at 70,1% of total detections, followed by adware at 19,9% and worms at 4,22%. These three types of infections combined represented the majority of malware detected, totalling 94%.
With respect to the threats that have increased the most in 2008, PandaLabs' annual report highlights the emergence of rogue antivirus programmes. Rogue anti-malware programmes are a special type of adware that tricks the computer user into believing they have been severely infected by multiple dangerous malware programmes and offers a paid solution to supposedly remove the infections.
These fake antimalware programmes cost around R700.00 and, according to PandaLabs estimates, collectively generate R136,5-million dollars a month for their creators.
Banker Trojans were one of the primary threats during 2008. This type of Trojan's sole objective is to steal the victim's bank account information in order to access their bank accounts. Normally these Trojans run silently in the computer's memory and are only activated when the victim accesses certain bank web sites.
"For cyber-criminals, it is relatively simple to obtain these malicious programmes since there is a ready marketplace for custom-designed Trojan creation kits, which allow the creation of Trojans that not only feature multiple functionality, but also can be controlled remotely," explains Matthews.
The most active banker Trojans that PandaLabs identified fell into the following three families:
* Brazilian Banker Trojans (Banbra, Bancos): These are mainly designed to steal passwords to Brazilian and Portuguese banks, although the Bancos family also targets Spanish banks occasionally. They normally transmit the information obtained through FTP or email.
* Russian Banker Trojans 1.0 (Cimuz, Goldun): This type of Trojan is becoming less prevalent over time, since its lack of new functions makes it easier to detect. Nevertheless, there are many variants still in circulation.
* Russian Banker Trojans 2.0 (Sinowal, Torpig, Bankolimb): Created to replace its predecessors, variants of this family are constantly changing and being updated, which makes generic detection difficult.
All of these have a common function: the list of target banks and organizations is obtained from a configuration file, which is either included with the Trojan or obtained from a server controlled by the cyber criminal, so the Trojan itself does not need to be modified in order to add a new target bank.