Wed, 04/15/2009 - 14:02 — Igor Donchenko
PandaLabs, Panda Security’s malware detection and analysis laboratory, has presented its malware report for the first quarter of 2009. According to the report, Trojans have accounted for 73% of all new malware created during this period. Nevertheless, one of the main trends identified in the report is the growth of spyware, which rose from 2.5% in the previous quarter to 13.15% in the first three months of the year.
“We have seen a dramatic increase in the amount of spyware in circulation over this period, probably aimed at saturating laboratories and consequently infecting more users”, says Luis Corrons, Technical Director of PandaLabs.
In some cases, cyber-crooks have been successful, as in the case of the Virtumonde spyware, which infected more computers than any other malicious code in the first quarter of 2009. This malware combines aspects of adware and spyware, monitoring users’ Internet movements, rigging search engine results and displaying advertising banners, pop-ups, etc. for some products. Despite the notable growth of spyware, it is still way behind Trojans (31.51%) and adware (21.13%), in terms of the number of infections caused overall during the first quarter.
The region with the highest percentage of active malware continues to be Taiwan (31.7%). Brazil and Turkey are also noteworthy. They occupy second and third place respectively, overtaking Spain and the United States. Mexico, nevertheless, has witnessed a decrease in the amount of active malware (17.95%), dropping almost 10% compared to the 24.87% active malware average recorded for the whole of 2008.
Conficker: The major threat in Q1
Although it first appeared at the end of 2008, the Conficker worm has been the malicious code that has kept security companies busiest during the first three months of the year, due to the large number of infections caused between December 2008 and January 2009. Moreover, there was considerable concern about its supposed reactivation on April 1. However, until now, no new versions or additional infections have been detected other than those already associated to the previously active variants.
“It is still possible that at any moment one of the URLs created by Conficker on April 1 could be activated and the worm could download an update to its code or new malware. In any event, this would only affect users who are unprotected against Conficker, although there are still a large number”, says Corrons.
The PandaLabs quarterly report also includes information about other issues such as the Waledac worm, which had an impact around St. Valentine's Day, malware on social networks and the most important vulnerabilities detected during the first three months of the year.