Kaspersky Lab announces the publication of its Monthly Malware Statistics for February 2010. There may be no new trends to speak of this month but the statistics paint a very clear picture of the current situation: if your computer’s going to be infected, the Internet will most probably be to blame.
The very nature of the Internet makes it the perfect medium for spreading malicious programs. In the past, cybercriminals would entice users to malicious sites they had created, but they have recently changed tack by making use of legitimate resources that have been compromised. A script is added to the compromised pages which redirects users to a malicious website. If the attack is successful, malware is downloaded to the victim machine without the user’s knowledge.
The scale of this cybercriminal activity is reflected in our Top Twenty rating of malicious programs detected on the Internet. Of the 20 programs to make it into February’s rating, 14 were new entries. By contrast, there were only four newcomers in the Top Twenty rating that tracks programs that are blocked directly on users’ computers (the latter rating does not include statistics about malware downloaded from the Internet).
Among the 20 most active threats on the Internet, there are eight that can be used to redirect users from compromised legitimate sites to malicious ones. This is the method used by the leading Internet threat, the now notorious Gumblar, and its position at the top of the rating signals the onset of yet another epidemic of this script downloader. A similar downloader is at the center of the Pegel epidemic, which broke out in January and is still growing in scale. There are four representatives of this family among February’s new entries, one of which made it straight to third place.
When users end up on the malicious sites mentioned above, an executable file is downloaded to their computer. The cybercriminals do this by exploiting vulnerabilities in major software products such as Internet Explorer and Adobe Reader. Often, these attacks exploit vulnerabilities that were detected several years ago, which suggests there are lots of users out there that still haven’t patched flaws in their computer software.
Unfortunately, even updating software from major vendors on a regular basis does not guarantee security, as vendors may not always release patches promptly. The fact that Exploit.JS.Aurora.a is in ninth place attests to this. It is an exploit for an Internet Explorer vulnerability that was used in an attack targeting major organizations (including Google and Adobe) with the aim of accessing personal data and corporate intellectual property. Despite Microsoft knowing of this loophole for a number of months, it was only patched a few weeks after the attack began.
Exploit.JS.Aurora.a also came seventh in the Top Twenty rating for malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time on users’ computers. The Kido epidemic, which continues unabated, leads the way in this rating with the network worm accounting for three of the top five entries.
Under such circumstances it’s important to exercise caution – particularly when surfing the Internet – and of course an integrated, regularly updated antivirus solution is a must!
You can read the full version of the Monthly Malware Statistics for February on www.viruslist.com.