Kaspersky Lab, a leading developer of secure content management systems, has released its latest report on the evolution of malware in the first half of 2007, written by Alexander Gostev.
The article examines the changes that have taken place in the malware landscape since the last six months of 2006. It also covers trends in cyber crime over the reporting period and forecasts future developments over the next several months.
Over the first half of 2007, the number of malicious programs detected each month increased by an average of 89% compared with the second half of 2006, amounting to 15,292.20 (compared to 8,108.5 in the second half of 2006). The total number of new malicious programs detected over the first half of 2007 amounted to 91,753.
A trend observed by Kaspersky Lab over the course of several years continued in the first half of 2007 as the number of various Trojans increased, while the number of malicious programs in the VirWare and Other MalWare classes decreased. In the first half of 2007, the percentage of Trojans increased 2.61% and came to a total of 91.36% of all malware.
Despite growth in the Other MalWare class in comparison with the last six months of 2006, the class has still experienced an overall decline of 0.36%, putting it at just 1.95% of all malicious programs.
Backdoors demonstrated the highest growth among all Trojans at 202%. PSW Trojans that steal user accounts for various services, applications and online games also experienced an impressive increase (+135%) and they are expected to continue moving steadily upward in the months to come. PSW Trojans have already managed to exceed their numbers in 2006, when they achieved +125% growth.
Banker Trojans represent 69% of the growth of all Trojan Spy programs. Bankers are designed to steal access data for different online payment systems, Internet banking services and credit card details.
Meanwhile, rootkits skyrocketed 178% over the first six months of this year. The most active use of rootkits this year was by the Zhelatin worm family as well as a number of backdoors created in China.
Over this period, classic viruses demonstrated the highest growth among all types of malicious programs at 237%.
This year the growth rate among worms has slowed, although it is still over 100%. Email-Worms represent more than half of all programs in the VirWare class. Three families – Warezov, Zhelatin and Bagle – dominate the Email-Worm class of behaviour.
The Other MalWare class climbed nearly 60% in the first six months of the year, although this was not enough to retain its previous percentage of all malicious programs, which dropped from 2.51% in 2006 to 1.95%.
In the first half of the year, the absolute leader in terms of growth in this class was SpamTool, which closed the reporting period up 222%, putting it in second place. The surge in the number of different DoS programs (+209%), which are used to organize DoS attacks and run on botnets around the world, is due to the emergence of a new generation of cyber criminals. These so-called script kiddies do not have much skill and prefer to apply other people’s creations with brute force. Exploits are once again in the leading position in terms of the number of new malicious programs in the Other MalWare class.
This half-year report is the first to address which operating systems are the most frequently targeted by virus writers. Over the reporting period, Kaspersky Lab detected malicious programs written for 30 different platforms and operating systems and found that most malicious programs target the Win32 environment.
Malicious programs that focus on different operating systems and platforms amount to only 4% of the total number. Linux is the second most-targeted operating system, with 123 new malicious programs, an increase of 55% from the second half of 2006.
Nearly half of the platforms and operating systems demonstrated a decrease in the number of malicious programs designed for them. Over the course of one full year (starting in July 2006), not one new malicious program was written for MacOS. Concerning applications that can be run in different operating systems, MS Word has the biggest share of malicious programs, with 150 new pieces of malware - an increase of 95%.
JavaScript became the most innovative environment for implementing malicious code, with an increase of 380%. This caused it to leap ahead of its sibling, VisualBasic Script.
The report also includes statistics on antivirus database updates. The number of new monthly records in the Kaspersky Anti-Virus database in the first six months of the year came to 8,000 new entries per month in the beginning of the year and 25,000 new entries per month at the end of the reporting period. The monthly average of new entries in the database came to 15,518, compared to the monthly average of 8,221 in the second half of 2006.
Alexander Gostev comes to the conclusion that the main targets of cyber criminals are still the clients of different banking and e-payment systems, as well as users who play online games.
Furthermore, he notes that there are still close ties between the authors of malicious programs and spammers. All of the major epidemics in 2007 (Warezov, Zhelatin, Bagle) were designed to create botnets which could subsequently be used to send spam via infected computers and harvest email addresses in order to create databases for mass mailings. The lack of any critical vulnerabilities in Windows network services is still a main factor that explains the lack of major epidemics caused by network worms launching direct attacks on computer ports. Despite the expectations of IT security professionals, the new Windows Vista operating system has not been the focus of attention in the industry in 2007. This is primarily because the OS turned out to be much less popular than expected, and the number of users who have transitioned to this system is still relatively small - too small to draw the attention of virus writers and hackers.
The full version of the report can be found on VirusList.Com.