Report: Globalization of Malware Production
By Simon Heron, CISSP, Internet Security Analyst
Traditionally, malware has tended to originate mainly from countries like Brazil and America, with other nations such as Korea and India joining them in the top 10 malware charts in recent years.
However, October’s threat stats reveal that the level of malware originating from the top 10 is decreasing.
Unfortunately, rather than an overall decrease in spam and virus levels, this only means that the sources of malware are starting to spread to other nations.
As mentioned earlier this month, international co-operation is incredibly important in the fight against malware producers, especially if, as October’s figures suggest, producers are spreading their net of operations to nations which have little experience of this crime.
So, what does this mean for us as internet users?
Well, we all need to ensure that we are doing our part to prevent this crime from being a profitable one, and that means protecting our computers from intrusions and doing everything in our power to protect our personal data when online.
Not only should we all be wary about what links we click on in emails, social networking sites and IM, but we should examine what data we put online.
How much information do you give away on your Facebook profile for example? How secure are your passwords?
In the end, it will be difficult for any level of international co-operation to succeed in tackling cyber-crime if we as individuals do not exercise caution ourselves.
Report: International Cooperation Vital as Malware Sources Disperse
Hackers are spreading their operational bases further around the world, according to threat analysis from managed security firm, Network Box.
During October, malware levels remained high, but threats originating from the ‘traditional’ top sources of malware (the US, China, Korea and Brazil) were all down on last month.
Spam
The level of spam originating from the US has dropped by three per cent in October, making the US now the fifth largest producer of spam.
This is a significant decrease from a country that until recently was producing by far the greatest amount of spam. The fastest-rising spam threat comes from Vietnam, now number two in the spam charts, producing 7.5 per cent of the world’s spam.
This is just 0.4 per cent behind Brazil, still at number one.
China and Korea continue to vie for the title of third largest source of spam, but both countries have seen a decline in spam levels (China down by two per cent and Korea down by one per cent).
Phishing
Network Box’s analysis of internet threats in October 2009 also clearly shows a drop of eight per cent in phishing attacks globally (from 33.2 per cent in September to 25.2 per cent in October).
Viruses
Brazil, the US and Korea are still dominating the virus charts as the top three sources of viruses, but all three countries have seen a drop of around two per cent month-on-month in virus activity.
India continues to be a significant source of viruses, with 3.7 per cent originating from the sub-continent. Italy and Romania have entered the virus charts for the first time, producing 2.16 and 1.75 per cent respectively.
Simon Heron, Internet Security Analyst for Network Box advises:
Phishing attacks are down from September’s high levels, but users and IT teams must still be vigilant. We’re seeing fewer malware attacks from the usual top sources, as malware producers spread their operations from traditional hubs such as the US and China. This highlights, once again, the importance of international co-operation in tackling malware.
People who entrust their personal data to reputable websites need to be aware that even these sites can be hacked (as seen with the recent guardianjobs.co.uk attack) and should ensure that they use strong, frequently changed passwords and that their security software remains up to date with the latest patches.
Top Ten Viruses
| Threat Name | Daily Average % |
|---|---|
| spam.phish.url | 25.27076 |
| packed.win32.krap.ah | 5.32908 |
| nbh-bgtrack | 4.81830 |
| clm.email.trojan-114 | 4.34829 |
| packed.win32.krap.ad | 3.00120 |
| trojan-downloader.win32.fraudload.wsut | 2.91765 |
| packed.win32.krap.w | 2.34951 |
| trojan.win32.vilsel.ihd | 2.31138 |
| nbh-bscript | 2.26212 |
| trojan-downloader.win32.fraudload.wspk | 1.82944 |
Top Ten Trojans
| Threat Name | Daily Average % |
|---|---|
| clm.email.trojan-114 | 0.12538 |
| trojan-downloader.win32.fraudload.wsut | 0.09471 |
| trojan-downloader.win32.fraudload.wspk | 0.08532 |
| trojan.win32.vilsel.ihd | 0.04454 |
| trojan.win32.vilsel.hrk | 0.03977 |
| trojan.win32.fraudpack.xek | 0.03510 |
| trojan-downloader.win32.fraudload.wsvr | 0.03469 |
| trojan-downloader.win32.fraudload.wuis | 0.03075 |
| trojan-downloader.win32.fraudload.wsti | 0.02828 |
| trojan.win32.vilsel.imq | 0.02213 |
Top Ten Intrusions
| Threat Name | Daily Average % |
|---|---|
| NETBIOS | 25.24807 |
| BOGON | 5.36037 |
| PINGFLOOD | 0.42997 |
| HTTP-S-WEBDAV | 0.05226 |
| HTTP-S-UNIXATTACK | 0.03381 |
| HTTP-S-WEBDEX | 0.02995 |
| HTTP-S-IISATTACK | 0.02865 |
| HTTP-S-NIMDA | 0.02278 |
| SOBIG-F | 0.02074 |
| ICMP | 0.00831 |
Top Ten Sources of Viruses
| Country | Daily Average % |
|---|---|
| Brazil | 14.16771 |
| US | 9.36499 |
| Korea | 4.27218 |
| India | 3.79227 |
| Argentina | 2.57109 |
| Colombia | 2.36788 |
| Italy | 2.16965 |
| China | 2.00121 |
| Romania | 1.75251 |
| Russia | 1.71513 |
Top Ten Sources of Spam
| Country | Daily Average % |
|---|---|
| Brazil | 7.90551 |
| Vietnam | 7.59576 |
| Korea | 5.53660 |
| China | 4.70909 |
| US | 4.51310 |
| India | 4.12785 |
| Poland | 2.54247 |
| Russia | 1.86269 |
| Colombia | 1.74923 |
| Argentina | 1.70800 |
Top Ten Sources of Intrusions
| Country | Daily Average % |
|---|---|
| Korea | 10.76370 |
| US | 10.59513 |
| Hong Kong | 8.16967 |
| Brazil | 5.78221 |
| China | 4.95709 |
| Vietnam | 4.07795 |
| Australia | 3.92023 |
| India | 2.42955 |
| Malaysia | 1.68875 |
| Russia | 1.02181 |
Top Ten Sources of Firewall Blocks
| Country | Daily Average % |
|---|---|
| US | 13.08238 |
| Malaysia | 12.99183 |
| Korea | 11.04428 |
| China | 10.16909 |
| Australia | 5.73187 |
| Hong Kong | 4.11280 |
| UK | 1.95475 |
| Taiwan | 0.96186 |
| Canada | 0.92095 |
| Brazil | 0.91200 |
* * *
Simon Heron has over 19 years' experience in the IT industry, including nine years' experience in Internet security. During this time he has developed and designed technologies ranging from firewalls and anti-virus to LANs and WANs. Simon has an MSc (attained with Distinction) in Microprocessor Technology and Applications and a BSc (Hons) in Naval Architecture and Shipbuilding, and is a CISSP (Certified Information Systems Security Professional). Prior to Net Caboose, Simon co-founded Network Box Corporation (UK) Ltd and was Managing Director, finally merging this franchise with the parent company in 2006. Before Network Box, Simon joined the British Antarctic Survey (B.A.S.) as science project leader, and spent two Antarctic winters at the research station Halley in the Antarctic, developing and enhancing graphical technologies in the harshest of conditions. Simon also has a company called Net Caboose, which deals with Identity and Access Management and is also a development house.
Network Box Limited (NBL) is an international managed security services company, specialising in unified threat management (UTM). It continuously defends the networks of its customers using PUSH technology to instantaneously update protection, from 12 Security Operations Centres spread around the globe. NBL’s customers in Asia, Australia, North America and Europe include companies such as BMW, Nintendo and Toyota, as well as banks, utilities companies and government organisations.
The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com























