PandaLabs Study Reveals Alarming Global Infection Rates Of Identity Theft Malware

More than 3 million Internet users in the U.S. and more than 10 million worldwide were actively exposed to identity theft in 2008

March 10, 2009

4 Min Read


GLENDALE, Calif., March 9, 2009 " Panda Security, a world leader in IT security, today announced the findings from a comprehensive identity theft study conducted by PandaLabs, the company's malware analysis and detection laboratory. Based on the analysis of 67 million computers during 2008, PandaLabs revealed that 1.1 percent of the worldwide population of Internet users have been actively exposed to identity theft malware. Extrapolating the results from Panda Security's online malware scanning service, ActiveScan, PandaLabs found that over three million of the audited users in the U.S. and more than 10 million users worldwide were infected with active identity theft-based malware last year[1].

According to one recent study published by an independent research firm, the mean cost per ID theft incident in the U.S. is $496.00, putting the total estimated risk of ID theft from malware in this country alone at approximately $1.5 billion[2]. Additionally as U.S. banks have raised consumer credit rates to compensate for losses in mortgage departments, unchecked losses from identity theft could have the effect of eroding an already weak consumer confidence, particularly with respect to online transactions.

Following are highlights on PandaLabs' key findings on the evolution of online identity theft: 1.07 percent of all PCs scanned in 2008 were infected with active malware (resident in memory during the scan) related to identity theft, such as banker Trojans 35 percent of the infected PCs had up-to-date antivirus software installed The number of PCs infected with identify theft malware increased by 800 percent from the first half of 2008 to the second half Arizona, California and Florida continue to be the states with the highest per-capita incidence of reported identity theft PandaLabs predicts that the infection rate will increase by an additional 336 percent per month throughout 2009, based on the trend of the previous 14 months

Active malware means malware that is loaded into the PC's memory and actively running as a process. For example, users of PCs infected with this type of identity theft malware who utilize online services such as shopping, banking, and social networking, have had their identities stolen in some fashion. According to the Federal Trade Commission (FTC), the average time victims spend resolving identity theft issues is 30 hours per incident.[3] The cumulative cost in hours alone from identity theft related malware based on Panda Security's projected infection rate could reach 90 million hours.

The study revealed that an alarming 35 percent of the PCs infected with this type of malware were using up-to-date antivirus software. Antivirus labs are receiving a massive amount of new malware samples each day (22,000 new samples per day according to PandaLabs), and antivirus vendors are continually updating their services to keep up with the overwhelming volume of new malware surfacing each day. AV detection labs such as PandaLabs have made advances in automated detection and classification capabilities. These new detection methods as well as improved surveillance and cloud-based detection techniques have reduced the risk of individual identity theft incidents and its associated costs. Some global banks, notably in Brazil, have made changes to banking authentications using electronic tokens and virtual keyboards, but these approaches have been slow to be adopted in the U.S.

"We expect to see a 336 percent monthly growth rate of this malicious identity theft malware in 2009, fueled by the huge business behind this particular type of cybercrime," said Luis Corrons, director of PandaLabs. "We must become aware of the dangers of malware identity theft and protect ourselves from the serious potential losses, both in time and money."

Banker Trojans are malware specifically created to steal user account information from banks and their customers. Trojans have increased in sophistication and are now able to easily update and expand the list of banks they can attack via the Internet. According to PandaLabs, the top families of banker Trojans that are the most prevalent in infiltrating users' systems are:

Trj/Cimuz Trj/Sinowal Trj/Bankolimb Trj/Torpig Trj/Goldun Trj/Dumador Trj/Spyforms Trj/Bandiv Trj/SilentBanker Trj/PowerGrabber Trj/Bankpatch Trj/Briz Trj/Snatch Trj/Nuklus Trj/Banker

Other general, non-banker Trojan, forms of identity theft malware steal usernames and passwords to chat, games or applications as well as personal information. The most common types of non-banker Trojan identity theft malware are:

Trj/Lineage W32/Lineage.worm Trj/Legmir Trj/Wow W32/Wow.worm Trj/MSNPassword Trj/PassStealer Trj/QQPass

About PandaLabs Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

Currently, 94 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: and the Panda Security website:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights