Malware threats on the rise in first half
By MARICEL E. ESTAVILLO, BusinessWorld Reporter

UK-based Internet security firm Sophos noted a significant drop in the number of viruses and worms written during the first half. But this had been "over-compensated" by increases in other types of malicious software (malware) as cyber criminals turn their attention to stealing information and money, Sophos said in its latest report.

According to the report, new forms of Trojan -- malware disguised as or embedded within legitimate software programs -- outweighed the traditional viruses and worms by 4:1 in the first half, higher than the 2:1 ratio during the same period last year.

Sophos also noted the continued dominance of Windows-based threats. To avoid these, the security firm even suggested that home users consider switching to Apple Macs to shield themselves from a future malware onslaught.

For the past six months, Sophos said the Sober-Z worm registered the largest number of threats, accounting for one in every thirteen e-mails sent. Further, Sophos said only one in every 91 e-mails was viral so far this year, compared with one in every 35 for the same period last year.

The top 10 list of malware reported at Sophos's global network of monitoring stations in the first six months of 2006 was as follows:

Position / Virus / Percentage of reports
1. W32/Sober-Z 22.4%
2. W32/Netsky-P 12.2%
3. W32/Zafi-B 8.9%
4. W32/Nyxem-D 5.9%
5. W32/Mytob-FO 3.3%
6. W32/Netsky-D 2.4%
7. W32/Mytob-BE 2.3%
8. W32/Mytob-EX 2.2%
9. W32/Mytob-AS 2.2%
10. W32/Bagle-Zip 1.9%
Others 36.3%

Sophos said all of the above malware works on Windows and none is capable of infecting Mac OS X.

"In contrast to the drop in new worms and viruses, the overall level of malware continues to rise -- indicating that spyware, Trojan horses and phishing are now the more favored methods of attack for cyber criminals," the report read.

In June 2005, the number of different pieces of malware protected against by Sophos stood at 140,118.
A year later, Sophos said it was identifying and protecting against 180,292 different viruses, spyware, worms, Trojan horses and other malware, as well as adware and other potentially unwanted applications.

Sophos said the vast majority of malware continues to be written for Windows, and while the first malware for Mac OS X was seen in February, it has neither spread nor started an avalanche of malicious code aimed at Macs.

"The continuing rise of malware will concern many -- the criminals responsible are obviously making money from their code, otherwise they'd give up the game," said Graham Cluley, senior technology consultant at Sophos.

"Hackers seem happy to primarily target Windows users and not spread their wings to other platforms. It seems likely that Macs will continue to be the safer place for computer users for some time to come -- something that home users may wish to consider if they're deliberating about the next computer they should purchase," Mr. Cluley said.

In particular, Sophos said about 82% of the new threats that it protected against during the first six months have been Trojan horses, which cannot spread by themselves and are typically targeted at specific groups of people.

However, Sophos's top 10 chart of the most prevalent malware according to families of threats shows that the Clagger family of Trojan horses has been spammed out so aggressively that it collectively accounts for the eighth most prevalent threat.

The top 10 list of malware families reported at Sophos's global network of monitoring stations in the first six months of 2006 was as follows:

Position / Malware family / Percentage of reports
1. W32/Mytob 28.7%
2. W32/Sober 22.6%
3. W32/Netsky 19.0%
4. W32/Zafi 9.9%
5. W32/Nyxem 5.9%
6. W32/Bagle 4.3%
7. W32/MyDoom 3.3%
8. Troj/Clagger 1.3%
9. W32/Dolebot 1.1%
10. W32/Lovgate 0.8%
Others 3.1%

Again, Sophos said all of the above malware works on Microsoft Windows and none is capable of infecting the Apple Macintosh operating system.

Clagger Trojans have been distributed under the guise of e-mails from organizations that include Amazon and PayPal. It was in February this year that the world saw the first-ever Trojan horse, Clagger-G, enter the monthly top 10 malware chart. A month later, Clagger-I landed in sixth position.

"These Trojans had to be mass-spammed to millions of e-mail addresses in order to enter the chart, and their prevalence shows that cyber criminals are continually repackaging their malicious code and using spam technology to generate illegitimate income," Mr. Cluley said.

"However, most perpetrators now opt for smaller, strategically targeted attacks, which are more manageable and have better chances of tricking computer users," he added.

It was also this year that a new kind of Trojan horse attack, called ransomware, was seen, infecting users' data and files. Users are typically blackmailed into paying to have their data retrieved or risk losing it altogether. Three recent examples include the Ransom-A, Zippo-A and Arhiveus-A Trojans -- all of which caused havoc and panic for poorly protected computer users.

"Criminals are constantly finding new ways to get their hands on some easy cash and now they've stooped to blackmail. Given these filthy tactics, it's understandable that authorities are giving out increasingly harsh sentences for crimes of this nature," Mr. Cluley said.

With the rise of malware threats, Sophos said that almost every day there are stories on trials, arrests and sentences relating to Internet crimes. It was in May this year that the longest-ever sentence was dealt out for spreading malware. The 21-year-old American Jeanson James Ancheta received a 57-month prison sentence for running a zombie network.
Also, Sophos said the pending extradition of British hacker Gary McKinnon to the US is further evidence of authorities clamping down on cyber crime. Mr. McKinnon, who hacked into Pentagon and NASA computers, could face decades in jail and hefty fines.

-- Report from BusinessWorld