PandaLabs Quarterly Report (July-Sep 2008): The increase in fake antivirus products caused adware figures to grow in the third quarter
October 2008 by Panda
Adware increased more than any other type of malware during the third quarter of the year. It accounted for 31.05% of all new malware that appeared in the third quarter, up almost 10 points from the previous quarter. The main reason, according to the PandaLabs report, is the increase in fake antivirus products used to trick users, infect computers and, ultimately, defraud the victims.
Fake antivirus products, when run, appear to carry out a scan of the computer and, inevitably, detect a series of infections which are actually completely false. The applications claim that in order to ‘disinfect’ the computer, users must buy the paid version of the antivirus. If users fall for this ruse, they will be paying to remove malware which never really existed. The objective of cyber-crooks is, as in most cases, to profit financially.
Despite this growth in adware, there were more Trojans than any other category of malware, accounting for almost 60 percent of all malware samples that appeared between July and September. Worms (4.53%) and spyware (2.93%) were the other most prevalent categories.
Adware, however, was responsible for more infections than any other type of malware, accounting for 37.49% of all infections recorded by PandaLabs. Trojans (28.7%) and worms (11.56%) were in second and third place respectively.
NDRs: evolving spam techniques
The last few months have witnessed a notable rise in a new type of spam technique: NDRs.
An NDR (Non-Delivery Report) is an email automatically sent by mail systems to inform senders of problems delivering their messages.
NDRs are therefore not (at point of origin) spam, but legitimate emails usually delivered by badly-configured mail servers. At present, leading anti-spam companies do not consider spam to be defined by content; instead, they regard spam as “unsolicited emails sent on a massive scale”. NDRs are regarded as solicited mail, as in theory they respond to an email sent by the victim. As a consequence, anti-spam techniques used up until now are not effective against these types of messages.
Moreover, the actual amount of spam distributed is doubled: if a user receives an NDR corresponding to an email she hasn’t sent, it means that somebody is sending spam using her email address. This is achieved by stealing legitimate email addresses using malware, or buying them on forums, and using them as the sender through an SMTP service. The target mail server does not verify whether the sender’s address is legitimate and only ensures that the target address exists. If it does exist, it will receive the spam, and if it doesn’t, the real owner of the sender’s address will receive junk mail in the form of an NDR.
“This technique is used by cyber-crooks to bypass anti-spam systems, as junk mail will be delivered if it is in someone’s list of contacts”, explains Luis Corrons, technical director of PandaLabs.
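One way a receiving site can separate a genuine bounce from an NDR for mail its user never sent, as an added example that is not part of the PandaLabs report: compare the Message-ID returned inside the NDR with the IDs the site actually sent. The outbound log `SENT_IDS`, the addresses and the sample NDR are constructed assumptions.

```python
import email

# Constructed sample: Message-IDs our own (hypothetical) outbound log recorded.
SENT_IDS = {"<20081001.1234@example.org>"}

def make_ndr(original_id):
    """Build a constructed RFC 3464-style NDR that returns the original headers."""
    return "\n".join([
        "From: MAILER-DAEMON@mx.example.net",
        "To: alice@example.org",
        "Subject: Undelivered Mail Returned to Sender",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "Delivery to nobody@example.net failed.",
        "--b1",
        "Content-Type: message/delivery-status",
        "",
        "Reporting-MTA: dns; mx.example.net",
        "",
        "Final-Recipient: rfc822; nobody@example.net",
        "Action: failed",
        "Status: 5.1.1",
        "--b1",
        "Content-Type: text/rfc822-headers",
        "",
        "From: alice@example.org",
        f"Message-ID: {original_id}",
        "--b1--",
    ])

def classify_ndr(raw, sent_ids):
    """Return 'genuine-bounce', 'backscatter', 'unverifiable' or 'not-an-ndr'."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return "not-an-ndr"
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":      # only the original headers returned
            returned = email.message_from_string(part.get_payload())
        elif ctype == "message/rfc822":         # the whole original message returned
            returned = part.get_payload(0)
        else:
            continue
        mid = (returned["Message-ID"] or "").strip()
        return "genuine-bounce" if mid in sent_ids else "backscatter"
    return "unverifiable"                       # NDR carries no original headers
```

An NDR classified as `unverifiable` returned neither the original message nor its headers, so this check cannot decide it either way.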