Kaspersky Lab publishes its annual report on threat evolution in 2009

17 Feb 2010
Virus News

Kaspersky Lab, a leading developer of secure content management solutions, announces the publication of its annual report on the evolution of spam and malware threats. The main trend in 2009 was the ever greater sophistication of malware technologies. Meanwhile, there were global epidemics, cybercriminals added to their repertoire of Internet scams and the number of new malicious programs started to level out.

A new level of threat and global epidemics

In 2009, malicious programs became significantly more complex. For instance, malware families with rootkit functionality not only became much more widespread but also markedly more sophisticated. Such threats which deserve a mention are Sinowal (the bootkit), TDSS and Clampi.

Unfortunately, predictions by Kaspersky Lab experts that there would be an increase in the number of epidemics proved to be correct. As well as TDSS, Clampi and Sinowal a whole series of malicious programs achieved the status of a global epidemic. The biggest epidemic of the year was Kido (Conficker), which infected over 7 million computers around the world.

For the first time, an international group was created to combat such a widespread threat. Called the Conficker Working Group, it brought together antivirus companies, Internet service providers, independent research groups, educational institutions and regulatory bodies.

Over the last 3-4 years, China has become the leading source of malware. In 2009, Kaspersky Lab detected 73,619,767 network attacks, of which 52.7% originated from Internet resources in China.

China remained the leader in terms of numbers of potential victims, but the number of attacks dropped by 7%. Other countries which were near the top of the table last year, such as Egypt, Turkey, and Vietnam, now seem to be of less interest to cybercriminals. However, the number of attacks on users based in the US, Germany, Great Britain and Russia rose significantly.

Flourishing fraud

The frauds seen on the Internet are also becoming more and more varied. Common or garden phishing attacks have now been joined by sites which offer access to a range of services in return for payment. Russia is the leader in this area, and it is Russian scammers who have created a wide range of sites offering “services” such as “locate someone via GSM”, “read private messages on social networking sites”, “collect information”, etc.

In 2009, rogue antivirus solutions were increasingly used by scammers and cybercriminals. Today, rogue software is not only spread using other malicious programs (e.g. Kido) but also by Internet advertisements.

Alternative platforms

Operating systems for mobile phones and Mac OS X are attracting more and more attention from malware writers. In 2009, even Apple took notice of the threat by building an antivirus scanner of sorts into the new version of its OS. 2009 also saw the first malicious programs detected for iPhones (Ike worms), the first piece of spyware for Android and the first incidents of signed malicious programs for Symbian smartphones.

The appearance of Backdoor.Win32.Skimer, the first malicious program targeting ATM machines, was a unique event in 2009. Once an ATM was infected using a special access card, criminals were able to perform a number of illegal actions: withdraw all the funds in the ATM, or acquire data from cards used in the ATM.


Despite the effects of the crisis, spam in email traffic did not decline. The volume of unsolicited mail worldwide actually grew, albeit by only 3.1%. The average amount of spam in all email traffic in 2009 stood at 85.2%. The US was the biggest single source (16%), while Russia accounted for 8.5% of the world’s spam.

The main innovation in spam in 2009 was the use of YouTube for video spam. Another novelty was the use of mp3 attachments in emails.

What lies ahead?

The experts at Kaspersky Lab expect to see a gradual shift in the types of attacks on users: from attacks via websites and applications towards attacks originating from file sharing (P2P) networks. At the same time, malware is expected to become even more sophisticated.

The experts also forecast a rough ride for the iPhone and devices running the Android OS, as the number of malicious programs targeting them grows. Meanwhile, the decline in gaming Trojans witnessed in 2009 is likely to be repeated for rogue antivirus programs in 2010.

The full version of Kaspersky Lab’s annual Security Bulletin tracking malware evolution in 2009 is available on www.viruslist.com. The full version of the yearly spam report is also available on www.viruslist.com in the Analysis section.