First half of 2010: Web-based threat trends
According to the report, malicious URLs increased from 1.5 billion in January to over 3.5 billion in June. North America sourced the most malicious URLs, while Asia-Pacific had the most victims of malware infections. The top URLs blocked by Trend Micro were adult websites, as well as sites that hosted malicious variants such as IFRAME code, TROJ_AGENT, and JS_DLOADR.ATF.
First half of 2010: File-based threat trends
TrendLabs, Trend Micro’s global network of threat researchers, now handles around 250,000 samples each day. Recent estimates though place the number of unique new malware samples introduced in a single day at greater than 60,000.
Trojans account for about 60 percent of new signatures, or antidotes, created by TrendLabs, and 53 percent of overall detections as of June. Backdoors and Trojan-spyware, often defined as crimeware or data-stealing malware, come in second and third places, respectively. The majority of Trojans lead to data-stealing malware.
India and Brazil distinguished themselves by having the most botted computers, tools of choice by cybercriminals building botnets for distributing malware, perpetrating attacks and sending spam. Botnet herders – the cybercriminals behind the botnets -- earn millions of dollars in money stolen from innocent computer users.
First half of 2010: Industry trends
When it comes to malware infections by industry sector, education took the lead during the first half of 2010 – nearly 50 percent of all malware infections occurred within schools and universities where IT and security staffers face the challenge of securing a complex, distributed and diverse infrastructure supporting countless students not likely to follow Internet security measures. The government and technology sectors follow next, each grabbing 10 percent of all malware infections.
First half of 2010: Notorious “bad actors”
According to the report, ZeuS and KOOBFACE made the most impact during the first half of 2010. ZeuS, crafted by an Eastern European organized crime network, is primarily a crimeware kit designed to steal users’ online banking login credentials and other personal data. Small businesses and their banks are targeted by the thieves. Hundreds of new ZeuS variants are seen by Trend Micro every day, and this is not likely to change in the near future.
The KOOBFACE botnet achieved infamy as the largest social networking threat to date. In the early part of this year, TrendLabs experts noted that the KOOBFACE gang was continuously updating their botnet: changing the botnet’s architecture, introducing new component binaries, and merging the botnet’s functions with other binaries. They also began encrypting their command and control (C&C) communications to avoid monitoring and takedown by security researchers and the authorities.
Cyber hit-and-runs: “Drive-by” vulnerabilities
Vulnerabilities in applications have always been a part of the security landscape. In the first half of 2010, Trend Micro threat researchers report a total of 2,552 Common Vulnerabilities and Exposures published, with many morethat are privately reported to vendors and therefore not published externally.
For end users, vulnerabilities have facilitated “drive-by” threats, where all that is necessary to become infected by malware is to visit a compromised website. Servers are coming under attack as well, with cybercriminals exploiting un-patched vulnerabilities. While this may be more difficult than compromising a single user system, the potential reward for cybercriminals is greater.
Cloud-based protection from Trend Micro
The Trend Micro™ Smart Protection Network™ provides cloud computing security infrastructure behind many Trend Micro products and delivers advanced cloud security , blocking threats in real-time before they reach you. Currently, the Smart Protection Network sees 45 billion queries every 24 hours, while it blocks 5 billion threats and processes 2.5 terabytes of data on a daily basis. On average, 80 million users are connected to the network each day.
The Smart Protection Network uses patent-pending “in-the-cloud correlation technology” with behavior analysis to correlate combinations of web, email and file threat activities to determine if they are malicious. By correlating the different components of a threat and continuously updating its threat databases, Trend Micro has the distinct advantage of being able to respond in real time, providing immediate and automatic protection from email, file and web threats.
The full threat report, as well as comprehensive tips on how businesses and consumers can protect themselves, can be found on TrendWatch:
About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at to learn more about the latest threats. Trend Micro’s flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these solutions are powered by the Trend Micro™ Smart Protection Network™ infrastructure, a next-generation cloud-client innovationthat combines sophisticated cloud-based reputation technology, feedback loops, and the expertise of TrendLabs researchers to deliver real-time protection from emerging threats. A transnational company, with headquarters in Tokyo, Trend Micro’s trusted security solutions are sold through its business partners worldwide. Please visit Trend Micro.com.