Report: Globalization of Malware Production

By Simon Heron | Nov 10, 2009 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/report-globalization-malware-production?page=2

Traditionally, malware has tended to originate mainly from countries like Brazil and America, with other nations such as Korea and India joining them in the top 10 malware charts in recent years.

However, October's threat stats reveal that the level of malware originating from the top 10 is decreasing.

Unfortunately, rather than an overall decrease in spam and virus levels, this only means that the sources of malware are starting to spread to other nations.

As mentioned earlier this month international co-operation is incredibly important in the fight against malware producers, especially if, as October's figures suggest, producers are spreading their net of operations to nations which have little experience of this crime.

So, what does this mean for us as internet users?

Well, we all need to ensure that we are doing our part to prevent this crime from being a profitable one., and that means protecting our computers from intrusions and doing everything in our power to protect our personal data when online.

Not only should we all be wary about what links we click on in emails, social networking sites and IM, but we should examine what data we put online.

How much information do you give away on your Facebook profile for example? How secure are your passwords?

In the end, it will be difficult for any level of international co-operation to succeed in tackling cyber-crime if we as individuals do not exercise caution ourselves.

Report: International Cooperation Vital as Malware Sources Disperse

Hackers are spreading their operational bases further around the world, according to threat analysis from managed security firm, Network Box.

During October, malware levels remained high, but threats originating from the ‘traditional' top sources of malware (the US, China, Korea and Brazil) were all down on last month.

Check out our Top 10 lists of malware threats to keep an eye on.

Spam

The level of spam originating from the US has dropped by three per cent in October, making the US now the fifth largest producer of spam.

This is a significant decrease from a country that until recently was producing by far the greatest amount of spam. The fastest-rising spam threat now comes from Vietnam, now number two in the spam charts, producing 7.5 per cent of the world's spam.

This is just 0.4 per cent behind Brazil, still at number one.

China and Korea continue to vie for title of third largest source of spam, but both countries have seen a decline in spam levels (China down by two per cent and Korea down by one per cent).

Phishing

Network Box's analysis of internet threats in October 2009 also clearly shows a drop of eight per cent in phishing attacks globally (from 33.2 per cent in September to 25.2 per cent in October).

Viruses

Brazil, the US and Korea are still dominating the virus charts as the top three sources of viruses, but all three countries have seen a drop of around two per cent month-on-month in virus activity.

India continues to be a significant source of viruses, with 3.7 per cent originating from the sub-continent. Italy and Romania have entered the virus charts for the first time, producing 2.16 and 1.75 per cent respectively.

Simon Heron, Internet Security Analyst for Network Box advises:

Phishing attacks are down from September's high levels, but users and IT teams must still be vigilant. We're seeing fewer malware attacks from the usual top sources, as malware producers spread their operations from traditional hubs such as the US and China. This highlights, once again, the importance of international co-operation in tackling malware.

People who entrust their personal data to reputable websites need to be aware that even these sites can be hacked (as seen with the recent guardianjobs.co.uk attack) and should ensure that they use strong, frequently changed passwords and that their security software remains up to date with the latest patches.

Next Page: Top 10 Malware Threats to Watch

Top 10 Viruses

Threat Name Daily Average %
spam.phish.url 25.27076
packed.win32.krap.ah 5.32908
nbh-bgtrack 4.81830
clm.email.trojan-114 4.34829
packed.win32.krap.ad 3.00120
trojan-downloader.win32.fraudload.wsut 2.91765
packed.win32.krap.w 2.34951
trojan.win32.vilsel.ihd 2.31138
nbh-bscript 2.26212
trojan-downloader.win32.fraudload.wspk 1.82944

Top Ten Trojans

Threat Name Daily Average %
clm.email.trojan-114 0.12538
trojan-downloader.win32.fraudload.wsut 0.09471
trojan-downloader.win32.fraudload.wspk 0.08532
trojan.win32.vilsel.ihd 0.04454
trojan.win32.vilsel.hrk 0.03977
trojan.win32.fraudpack.xek 0.03510
trojan-downloader.win32.fraudload.wsvr 0.03469
trojan-downloader.win32.fraudload.wuis 0.03075
trojan-downloader.win32.fraudload.wsti 0.02828
trojan.win32.vilsel.imq 0.02213

Top Ten Intrusions

Threat Name Daily Average %
NETBIOS 25.24807
BOGON 5.36037
PINGFLOOD 0.42997
HTTP-S-WEBDAV 0.05226
HTTP-S-UNIXATTACK 0.03381
HTTP-S-WEBDEX 0.02995
HTTP-S-IISATTACK 0.02865
HTTP-S-NIMDA 0.02278
SOBIG-F 0.02074
ICMP 0.00831

Top Ten Sources of Viruses

Country Daily Average %
Brazil 14.16771
US 9.36499
Korea 4.27218
India 3.79227
Argentina 2.57109
Columbia 2.36788
Italy 2.16965
China 2.00121
Romania 1.75251
Russia 1.71513

Top Ten Sources of Spam

Country Daily Average %
Brazil 7.90551
Vietnam 7.59576
Korea 5.53660
China 4.70909
US 4.51310
India 4.12785
Poland 2.54247
Russia 1.86269
Columbia 1.74923
Argentina 1.70800

Top Ten Sources of Intrusions

Country Daily Average %
Korea 10.76370
US 10.59513
Hong Kong 8.16967
Brazil 5.78221
China 4.95709
Vietnam 4.07795
Australia 3.92023
India 2.42955
Malaysia 1.68875
Russia 1.02181

Top Ten Sources of Firewall Blocks

Country Daily Average %
US 13.08238
Malaysia 12.99183
Korea 11.04428
China 10.16909
Australia 5.73187
Hong Kong 4.11280
UK 1.95475
Taiwan 0.96186
Canada 0.92095
Brazil 0.91200