Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

1/30/2009
01:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

BitDefender E-Threats Landscape Report Spotlights Trojans As Dominant Security Menace In 2008

Report provides an overview of the security threats landscape during past six months, and takes a look at what lies ahead in 2009

BUCHAREST, Romania " January 28, 2009 " More than 80 percent of malware distributed worldwide in 2008 consisted of Trojans according to the E-Threats Landscape Report, a comprehensive security threat study published by BitDefender' Lab, an award-winning provider of antivirus software and data security solutions. This E-Threats Landscape Report, the second in a series of security reports, provides an overview of the security threats landscape over the last six months, from July through December 2008, and takes a look at what lies ahead in 2009.

BitDefender's security experts analyzed and examined the menaces of the second half of 2008, focusing on software vulnerabilities and exploits, different types of malware, as well as countermeasures, cyber crime prevention and law enforcement. They found that internet users had to cope with approximately 2,000 new and mutated viruses per day, nearly 50,000 phishing attempts per month and more than 1,000,000 hijacked computers that spread bots, rootkits, Trojans and other malware in 2008.

Highlights from BitDefender's E-Threats Landscape Report for the second half of 2008 include: Web-based e-threats level increased 460 percent JavaScript exploitations via SQL injection tripled in volume 75 percent of Trojans included complex updating mechanisms, stealth data download and upload features, as well as spyware and rootkit capabilities The most common headlines used to spread e-threats included the alleged U.S. invasion of Iran, the 29th Olympic Games and the U.S. Presidential Election Plain text comprised 80 percent of e-mail spam, while image spam dropped to only 1.5 percent The number of spam e-mails containing infected attachments or linking pages prompting users to download malicious programs increased 400 percent The countries most affected by e-threats included France, China, United States, Germany and Spain Nearly 70 percent of phishing attempts surrounded the global financial crisis New spam techniques mimicking newsletters and alerts from news corporations such as CNN, CBS and ABC were introduced Spammers concentrated their attention on receipt messages, to increase spam efficiency

"The purpose of BitDefender's E-Threats Landscape Report is to provide consistent and useful information to consumers about the malware industry," said Bogdan Dumitru, BitDefender's chief technology officer. "Not only does BitDefender want to educate consumers about what is currently happening in the malware industry, but we also want to provide consumers with guidance about what to expect and how to protect against e-threats in the upcoming year. For example, nearly 45 percent of the e-threats in the wild in 2008 were distributed via e-mail. With this in mind, consumers should make securing e-mail communication a priority in 2009."

E-Threat predictions for 2009 from BitDefender's E-Threats Landscape Report include: Malware production will continue to exploit the same Web-based capabilities of Trojans, spyware and rootkits Existing e-threat families will suffer significant upgrades and mutations in terms of stealth and automation of spreading mechanisms An increase in the exploitation of application vulnerabilities, similar to the latest password stealing application vulnerability (Trojan.PWS.ChromeInject.A) BitDefender researchers identified in early December, is expected to increase Targeted attacks on Web 2.0 applications, namely social networking sites, is expected to increase. Smart phones and other intelligent high-end devices with permanent Internet access will be targeted by new generations of mobile malware

To download BitDefender's complete E-Threats Landscape Report, please visit the BitDefender website or click here.

Listen to BitDefender's first podcast in their Total Security podcast series please visit BitDefender's podcast page.

http://www.bitdefender.com/site/Main/view/podcasts.html.

To keep updated with virus updates and company news sign-up for BitDefender's RSS feeds here.

About BitDefender' BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe — giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company's security solutions press room. Additionally, BitDefender's www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27187
PUBLISHED: 2020-10-26
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related command...
CVE-2020-7752
PUBLISHED: 2020-10-26
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVE-2020-7127
PUBLISHED: 2020-10-26
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-7196
PUBLISHED: 2020-10-26
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the ur...
CVE-2020-7197
PUBLISHED: 2020-10-26
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* U...