BitDefender releases results of global malware and spam report for first-half 2010
PayPal and eBay accounts phished, whilst medicine and pharma spam flooded inboxes
SYDNEY & AUCKLAND – July 16, 2010 – BitDefender® has today released its global malware and spam report for the first half of 2010. The report found that a startling share of phishing messages purported to be from PayPal (53 percent) and eBay (16 percent) of all phishing messages sent worldwide.
Meanwhile, spam messages have been dominated by pharma and medical spam (66 percent). Among the malware threats seen in the first half of the year, Trojan.AutorunINF.Gen – a piece of malware that exploits the Windows autorun feature on removable media and drives – accounted for 11 percent of all malware infections worldwide and was the most prevalent.
Phishing trends in first half of 2010
Financial institutions were cyber-criminals’ preferred targets, constituting more than 70 percent of global phishing messages. Social networks also came under heavy fire, as user profiles became a rich source of personal information for hackers to mine in order to spearhead further phishing attacks. For the first half of 2010, phishers focused on impersonating PayPal and eBay. HSBC bank ranked third, whilst Facebook phishing messages ranked fourth.
Spam trends in first half of 2010
The FIFA World Cup™ and the floods in Guatemala were two of the many events where spammers used black-hat SEO to push up the search engine rankings of malware-serving websites. The first half of 2010 also saw spam messages grow to 86 percent of total email, driven by pharmacy spam, which has jumped from 51 to 66 percent of total spam messages.
The spam breakdown by type for the first half of 2010 was:
· Medicine Spam – 66%
· Fake/replica products – 7%
· Loans and insurance – 5%
· Bundled malware – 3.5%
· Casino and gambling – 3.5%
Malware threats in review
Exploiting Windows’ Autorun feature, Trojan.AutorunINF.Gen ranked first with more than 11 percent of the total number of infections, while MBR worms have made a comeback with upgraded viral mechanisms. Late January saw the emergence of Win32.Worm.Zimuse.A, a deadly combination of virus, rootkit and worm. Upon infection, the worm would start counting down the days. 40 days after the infection, it would overwrite the hard disk drive's Master Boot Record, thus rendering the OS unable to boot. China and the Russian Federation led the world in malware hosting, with 31 and 22 percent respectively.
Vulnerabilities, exploits and breaches
Critical zero-day exploits against popular software such as the Internet Explorer browser from Microsoft®, Adobe® Reader®, Adobe® Flash Player® and even Adobe® Photoshop® CS 4 have also played a key role in the malware landscape for the first half of 2010. Some of the Internet Explorer exploits have even been used to attack major companies such as Google, Adobe® and Rackspace®.
E-threat predictions – what should we be wary of in 2H 2010?
BitDefender experts warn that, while the first six months of 2010 have been dominated by conventional e-threats such as Trojans and worms, various exploits targeting third-party applications have rapidly gained ground, both in count and in terms of impact. As seen in the case of Exploit.Comele.A, zero-day vulnerabilities may be used for purposes that go beyond identity theft or compromising banking accounts, acting instead as fully-fledged weapons in cyber-warfare and top-level industrial espionage.
“With Facebook® surpassing 400 million users, most of the malware authors will focus on the social networking platform to deliver their newest payloads. Some of these attacks will focus on social engineering tricks (such as launching various malware offensives from compromised computers), while others will try to exploit different vulnerabilities or features already implemented across the platform,” said Catalin Cosoi, head of the BitDefender online threats lab.
“The introduction of HTML5, the upcoming major revision of the HTML standard, will add extra levels of online interaction and will probably change the face of the Web as we know it. The new technology is highly likely to be exploited by malware authors to compromise the browser security,” Cosoi warns.