Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11:25 AM
Dark Reading
Dark Reading
Products and Releases

PandaLabs: 22K New Malware Samples Found A Day In '08

Rogue antimalware programs were among the fastest growing threats of 2008, according to Panda Security's malware analysis and detection laboratory

GLENDALE, Calif., Jan. 8, 2008 - PandaLabs, Panda Security's malware analysis and detection laboratory, today announced the general availability of its 2008 annual report. Last year PandaLabs detected an average of 35,000 malware samples each day, 22,000 of which were new infections. By the year's end, the total count of malware threats detected by PandaLabs exceeded 15 million. This number surpassed initial projections by over 5 million and resulted in Panda's detection of more malware in the first eight months of 2008 than in the company's previous 17 years combined. The PandaLabs 2008 Annual Report can be downloaded here: http://www.pandasecurity.com/enterprise/security-info/tools/reports.html.

99 percent of these new threats were automatically detected by Panda Security's Collective Intelligence technology, which performs malware scanning, detection and analysis in the cloud. This approach provides the ability to maximize malware detection capabilities through gathering real-time data from the cloud, while at the same time minimizing the resource and bandwidth consumption of protected systems.

The majority of this new malware (67.7 percent) was classified as Trojans, meaning it was designed to steal confidential data such as bank accounts, passwords and the like. A breakdown of malware by category (e.g. Adware, Spyware, Trojan, etc.) and month can be found here: http://www.flickr.com/photos/panda_security/3179347796/.

"Computer users often underestimate the threat that malicious software represents," explains Ryan Sherstobitoff, chief corporate evangelist for Panda Security. "For this reason, on many occasions they may provide little or no security measures for their computers. The reality is that malware has increased exponentially over the past few years and this false sense of security helps cybercriminals to infect more computers without being discovered."

Trojans represented the most common malware infection at 70.1 percent of total detections, followed by adware at 19.9 percent and worms at 4.22 percent. These three types of infections combined represented the majority of malware detected in 2008, totaling 94 percent.

With respect to the threats that increased the most last year, PandaLabs' annual report also highlights the emergence and rapid rise of rogue antivirus programs. These new programs are a special type of adware that trick the computer user into believing they have been severely infected by multiple dangerous malware and offer a paid solution to supposedly remove the infections. The fake antimalware programs cost approximately $70.00 and collectively generate $13.65 million dollars a month for their creators, according to estimates from PandaLabs.

Banker Trojans: The Threat Continues Banker Trojans are designed with the sole objective to steal the victim's bank account information in order to access their accounts. Normally these Trojans run silently in the computer's memory and only activate when the victim accesses certain bank websites.

"For cybercriminals, it's relatively simple to obtain these malicious programs since there is a thriving marketplace for custom designed Trojan creation kits," explains Sherstobitoff. "These kits allow the creation of Trojans which not only offer multiple features, but also have the ability to be controlled remotely."

The most active banker Trojans that PandaLabs identified fell into the following three families:

1) Brazilian Banker Trojans (Banbra, Bancos): These are mainly designed to steal passwords to Brazilian and Portuguese banks, although the Bancos family also targets Spanish banks occasionally. They normally transmit the information obtained through FTP or email.

2) Russian Banker Trojans 1.0 (Cimuz, Goldun): This type of Trojan has become less prevalent over time, since its lack of new functions makes it easier to detect. However, there are many variants still in circulation.

3) Russian Banker Trojans 2.0 (Sinowal, Torpig, Bankolimb): Created to replace its predecessors, variants of this family are constantly changing and being updated, which makes generic detection difficult. All of these have a common function. The list of target banks and organizations is obtained from a configuration file, which is either included with the Trojan or obtained from a server controlled by the cyber criminal, so the Trojan itself does not need to be modified in order to add a new target bank.

PandaLabs 2008 Annual Report additionally gathers information about the current spam situation, the most important vulnerabilities of 2008 and trends in the malware threat landscape entering 2009.

About PandaLabs Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions. Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com and the Panda Security website: www.pandasecurity.com/usa.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-16
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend...
PUBLISHED: 2021-04-16
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.
PUBLISHED: 2021-04-16
Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or ...
PUBLISHED: 2021-04-16
Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a se...
PUBLISHED: 2021-04-16
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS build 20210202 (and later) QT...