Development of threats I half of 2008 through the eyes of Kaspersky Labs
September 16, 2008, 12:29 pm
Kaspersky Laboratory, submitted a report threats to development in the first half of 2008. It specialists point out that the development of threats in 2008 continues to have formed in 2007 scenario:virus was still not utruzhdayut a significant technological developments, preferring quantity rather than quality of malicious software. In the first half of 2008, analysts Kaspersky Labs discovered 367 772 new malicious programs - in 2, 9 times or 188, 85% more than in the second half of 2007. Such growth rates far exceed the results in 2007, when it was found at 114% of malicious software than in 2006. Programme TrojWare class are still the absolute leaders - they account for more than 92% of all malicious programs. The share TrojWare grew by only 0, 43% - is significantly less than their growth in two-plus percent in 2007. Among the growing popularity of Trojan programs Trojan-Dropper - increasingly crackers use tactics of concealment Trojan file inside distributions other programs for simultaneous installation of a computer to kill the maximum number of different Trojans. Virusopisateli aspire to the universalization of Trojan code. They have to abandon the practice of creating several functional modules that interact with each other, and try to realize all the functions in one application. As a result, the popularity rating of Trojan programs of various behaviors normal Trojan climbed from fifth to third position. continued growth in the number of new Trojan programs aimed at stealing passwords to online games. During the first half of Kaspersky Labs analysts found an average of 273 new slot Trojan per day, of which 259 were able to steal passwords are not one, but several online games. The vast majority of gaming Trojans discovered in recent months, equipped with backdoor functionality, which makes them dangerous not only for players but for all Internet users. As for rootkits, they share relatively TrojWare changed slightly. But in the first half of 2008, there were several significant events of direct concern to them. In January-March, new modifications butkita Sinowal. And in May, was found mythical rootkit Rustock. c. These events have revealed several serious problems in the antivirus industry, not only related to the detection and treatment of rootkits as a whole, but in methodologies and data collection and analysis of new samplov, as well as the reaction rate antivirus software producers to such threats. For mobile devices suddenly changed the focus of threats:instead of virus attacks on smartphones have decided to significantly expand the zone of destruction and began to specialize, mainly to Trojan programs created for the J2ME platform and can operate almost any mobile phone. Such programmes (nearly five dozen new versions) to send an SMS to the premium paid numbers, have devastated the balance of the user and bringing direct profit sponsors Trojans. In 2008, the continued decline in the share of viruses and worms:the first half they were less than 4% of all malicious programs. Of the three classes of malicious programs VirWare showed the lowest growth rate - a total of 129%, but in practice it means more than two thousand new viruses and worms per month. Among the programs in class VirWare leaders broke representatives Worm, in second place were network worms (Net-Worm). In the absence of critical vulnerabilities, who worked using such worms past, as Lovesan and Sasser, modern network worms are increasingly being used to disseminate hacked websites and social networks. Classic file viruses have shown negative growth (-73%), but viral actively adds functionality to various backdoors and worms. Recent viruses have become powerful components botnetov targeted including the theft of user data and the organization of DDoS-attacks. Brightest representatives of these programs are viruses Virut, Alman, Allaple, worms and Fujack Autorun. In the first half of 2008, these malicious programs have caused multiple infection worldwide. This means that in the near future viral functionality will be added to the backdoors and worms are still active. The proportion of programmes class Other MalWare (other malicious software) on all malicious programs in the first half of 2008 grew and reached 3, 48%. This class is still the least prevalent on the number of detected malicious programs, but the largest by number of behaviors. In general, the number of new threats is growing in almost geometric progression. This process is accompanied by a reduction in lifetime of new malicious programs in the wild. However, according to experts Kaspersky Labs, it is possible that slowing growth in the number of new threats, or even stabilization of the situation could start as early as this year. Undoubtedly, already achieved volumes (about 500 000 new malicious programs over six months) will be saved, but within these limits, most antivirus companies are capable enough to cope effectively with the problems. The full version of the report threats to development in the first half of 2008 is available on the site Viruslist.