Kaspersky Lab releases Threat Evolution report
In 2010 there was more than 580 million web-based attacks against users’ computers — nearly eight times more than the number of online attacks recorded in 2009, according to Kaspersky Lab’s annual Threat Evolution report.
This surge is related to the prevalence of exploits that allow hackers to infect website visitors’ computers without them noticing, using the notorious drive-by download technology. A single malicious program can penetrate a user's computer via dozens of vulnerabilities in browsers and other applications used to process web content, which has led to a proportionate increase in the number of online attacks.
In 2010, the total number of online attacks logged by Kaspersky Lab online antivirus products, and local virus incidents logged on user computers, exceeded 1.9 billion. Attacks launched via web browsers represented more than a third of this indicator, which is over 500 million attacks. Browsers became the primary route for infecting users’ computers with malware and Kaspersky Lab experts don’t expect that to change in the near future.
According to Kaspersky Lab, P2P networks are the second most commonly used channel for spreading threats. Cybercriminals are also actively using popular social networks such as Facebook and Twitter to spread their misery. The rapid advance of malicious code is aided by the numerous vulnerabilities in these sites, which means the number of social network-based attacks will continue to grow.
Although new malicious programs appeared in 2010 at the same rate as in 2009, their complexity and functionality — and thus the threat they pose to users — increased. Some of the most complex threats used new technologies to penetrate the 64-bit platform, and many others propagated using the zero-day vulnerabilities. Examples of the most sophisticated threats include the Mariposa, ZeuS, Bredolab, TDSS, Koobface, Sinowal and Black Energy 2.0 botnets, each of which brought together millions of infected computers and the TDSS backdoor, which infects the MBR and launches destructive activity even before the OS boots up.
The Stuxnet worm represents today’s technological peak in virus writing. This malicious program simultaneously uses several vulnerabilities in the Microsoft Windows operating system, bypasses system verification using legitimate digital certificates (that have since been revoked), and attempts to control programmable logic controllers and the frequency converters involved in critical engineering processes.
Malicious programs similar to Stuxnet could be used in targeted attacks against specific companies. The increased number of targeted attacks was another trend noted in 2010. Examples include some very narrowly-focused cyber attacks, such as Aurora, which was launched in order to steal user information and source code from software projects of several major companies, including Google and Adobe. It is possible that now, programs like Stuxnet will be more frequently included in the arsenal of some companies and secret services.
The detection of threats that have already penetrated users’ systems gives us a picture of the computer infection level of any given country. The dubious honour of leading positions in this category was shared by developing countries in Asia and Africa in 2010, due to the rapid pace at which Internet access is becoming available, combined with low levels of computer literacy among the users in those regions. The countries with the lowest percentage of infected computers in 2010 were Japan, Germany, Luxembourg, Austria and Switzerland.
For a complete version of Kaspersky Lab’s Threat Evolution report, please visit:
http://www.securelist.com/en/analysis/204792161/Kaspersky_Security_Bulletin_Malware_Evolution_2010
