In its bi-annual Internet Security Threat Report (PDF), antivirus vendor Symantec says that it had identified over 1.1 million malicious code threats by the end of the 2007—and that almost two thirds of them were created during 2007. Symantec attributes the rapid rise in the number of malware programs to attackers’ explosive introductions of new Trojan programs, which pretend to be something useful or interesting while secretively installing spyware, key loggers, or taking over a user’s computer.
Malware writers typically spin out hundreds of variants on their programs to evade antivirus packages, and often the initial Trojans are just “beachheads” designed to download additional malware once installed. Thus, malware writers only have to modify their initial attack vectors, and can recycle their real payloads across many different programs.
Symantec says the increase in new threats during 2007 also reflects a growing professionalism among malware developers, and the sophistication of organizations employing them. “It is vital that end users and enterprises maintain the most current antivirus definitions to protect against the high quantity of rapidly launched new malicious code threats,” Symantec wrote.
Needless to say, the vast majority of new threats target Microsoft Windows and widely distributed Windows applications. However, Symantec also noted an increase in attacks and exploitation of zero-day vulnerabilities in regionalized programs, particularly in the Chinese and Japanese markets. Where attackers still go after common applications like Internet Explorer and Microsoft Office, they’re also targeting applicaitons like ustSystem Ichitaro, Lhaz, GlobalLink, SSReader Ultra Star Reader, and Xunlei’s Web Thunder.
Symantec also found that the United States accounted for 31 percent of all malicious activity during the second half of 2007 (up a bit from 30 percent in the first half of the year) and the U.S. was the origin of 24 percent of online attacks during the second half of the year. The U.S. also had the most bot-infected computers (14 percent of the world’s total), and the U.S. remained the top country for hosting known “underground economy” servers, accounting for 22 percent of the world’s total. However, computers with IP addresses registered to Italy’s Telecom Italia accounted for six percent of all malicious activity in the world, Madrid ranked as the city with the most bot-infected computers per capita (accounting for 3 percent of the world’s total), and Peru had the highest proportion of malicious activity per broadband subscriber.
