PandaLabs: 22,000 new malware samples created every day in 2008
January 2009 by Panda Security
In 2008 PandaLabs, the malware research laboratory of Panda Security, detected an average of 35,000 malware samples each day, 22,000 of which were new infections. By the end of the year, the total count of malware threats detected by the Spanish security vendor exceeded 15 million. This number surpassed initial projections by over 5 million. This explosion in malware caused PandaLabs to detect more malware in the first eight months of 2008 than in the company’s previous 17 years combined.
99% of these new threats were automatically detected by Panda Security’s collective intelligence technology, which performs malware analysis and detection in the cloud.
The majority of this new malware (67.7%) was classified as Trojans, meaning it was designed to steal confidential data such as bank accounts, passwords and the like. "Computer users often underestimate the threat that malicious software represents. For this reason, on many occasions they may provide little or no security measures for their computers. The reality is that malware has increased exponentially over the past few years and this false sense of security helps cybercriminals to infect more computers without being discovered", explains Luis Corrons, Technical Director of PandaLabs.
Trojans were the most common malware infections found at 70.1% of total detections, followed by adware at 19.9% and worms at 4.22%. These three types of infections combined represented the majority of malware detected, totaling 94%.
With respect to the threats that increased the most in 2008, PandaLabs’ annual report highlights the emergence of rogue antivirus programs. Rogue antimalware programs are a special type of adware that tricks computer users into believing they have been severely infected by multiple dangerous malware samples and offers a paid solution to supposedly remove the infections. These fake antimalware programs cost around $70 and collectively generate $13.65 million a month for their creators, according to estimates from PandaLabs.
Banker Trojans: The threat continues.
Banker Trojans were one of the primary threats during 2008. This type of Trojan’s sole objective is to steal the victim’s bank account information in order to access their bank accounts.
Normally these Trojans run silently in the computer’s memory and only activate when the victim accesses certain bank websites.
"For cybercriminals, it’s relatively simple to obtain these malicious programs since there is a ready marketplace for custom designed Trojan creation kits, which allow the creation of Trojans which not only feature multiple functionality, but also have the ability to be controlled remotely and receive new instructions", explains Luis Corrons.
The most active banker Trojans that PandaLabs identified fell into the following three families:
1) Brazilian Banker Trojans (Banbra, Bancos): These are mainly designed to steal passwords to Brazilian and Portuguese banks, although the Bancos family also targets Spanish banks occasionally. They normally transmit the information obtained through FTP or email.
2) Russian Banker Trojans 1.0 (Cimuz, Goldun…): This type of Trojan is becoming less prevalent over time, since its lack of new functions makes it easier to detect. Nevertheless, there are many variants still in circulation.
3) Russian Banker Trojans 2.0 (Sinowal, Torpig, Bankolimb): Created to replace their predecessors, variants of this family are constantly changing and being updated, which makes generic detection difficult. All of these have a common function: the list of target banks and organizations is obtained from a configuration file, which is either included with the Trojan or obtained from a server controlled by the cybercriminal, so the Trojan itself does not need to be modified in order to add a new target bank.