Vulnerabilities / Threats
12:01 PM

Attackers Broke Malware Records In 2010

Over the past year, online criminals created one-third of all viruses and 34% of all malware ever seen.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010
Last year saw a record-setting number of new threats appear online. In particular, criminals managed to create one-third of all viruses ever seen, 34% of all malware in existence, and 40% of all known fake AV.

Those findings come from a study released Wednesday by PandaLabs, the malware research arm of antivirus vendor Panda Security. The firm said it had analyzed 99.4% of the 134 million unique files its systems automatically collected in 2010. Of those files, 60 million were malware -- viruses, worms, Trojans, and other threats.

The report also found that the volume of new malware created -- about 20 million new strains -- remained roughly constant from 2009 to 2010, while the number of new threats overall increased. Between the beginning and end of 2010, according to PandaLabs, "the average number of new threats created every day has risen from 55,000 to 63,000."

While names such as Zeus and Bredolab continue to make headlines -- since they're behind many attacks -- most unique instances of malware appear to be nearly disposable. Indeed, whereas many attacks used to circulate for months before disappearing, Panda found that 52% of new malware in 2010 existed for only 24 hours. According to PandaLabs, "as antiviruses become able to detect new malware, hackers modify them or create new ones so as to evade detection."

Unsurprisingly, given the financial incentive behind many attacks, the most prevalent type of malware in 2010 was the banking Trojan, which comprised 56% of all new malware, followed by those perennial favorites viruses (22%), worms (10%), and adware (10%). Interestingly, spyware declined from comprising 6% of all malware in 2009 to just 0.34% in 2010. Meanwhile, roughly 1% of threats in 2010 collectively comprised dialers, hacking tools, PUPs (potentially unwanted program), security risks, jokes, or tracking cookies.

Interestingly, Panda found that 53% of all computer users experienced a malware infection in 2010, even when using up-to-date antivirus scanners and signatures.


Massive 'Fake AV' Attack Launched

Spam Attack Captures Government Data

Hackers, Insiders Behind Most Identity Theft

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.