Data-stealing Malware growth spikes in H1 2011

by CXOtoday Staff    Dec 26, 2011

In the first six months of 2011, data-stealing malware and generic Trojans increased from 36 percent of malware detected in January, 2011 to more than 45 percent in April, subsequently maintaining a proportion of well over 40 percent for the rest of the half.

The former high for this metric was 44 percent, in a one-month spike, in August of 2010, according to APWG Cybercrime Report.

The APWG reports in its H1 2011 Phishing Activity Trends Report this month that the propagation of some forms of crimeware surged in the half-year period ending in June, 2011 with data-stealing malware reaching and maintaining a new plateau of contagion.

This metric is a key indicator of cybercrime trends, as data-stealing malware is typically designed to send information from infected machines, to control them, and/or to open backdoors on them.

“The first half of 2011 saw an increase in not only the amount of malicious samples received but more importantly, malware files going after confidential information such as credit card data, social security numbers and credentials to financial websites,” said Patrik Runald, Senior Manager, Security Research for Websense and a Trends Report contributing analyst.

He added that with cybercrime being an industry generating hundreds of millions of dollars for the bad guys it is clear that this is a trend that the industry will see for a long time.

According to Luis Corrons, PandaLabs Technical Director and APWG Trends Report contributing analyst, Trojans accounted for 72 percent of the new samples created in H1, 2011, a substantial increase from H2, 2010 when Trojans only accounted for 55 percent of the total sample set recorded.

While conventional, spam-based phishing attacks are not attaining the relentless month-over-month global growth of years’ past, there are indications that new and major phishing hot spots within emerging-market nations are appearing, says the study.

Ihab Shraim, Chief Security Officer and Vice President, Network and Systems Engineering and Trends Report contributing analyst said, “In the first half of 2011, MarkMonitor saw a significant rise of phishing attacks when compared with 2010. Furthermore, phishing attacks are increasingly targeting brands worldwide and, notably, in emerging markets such as Latin America, Middle East and Asia.”

The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide.