Thu, 12/18/2008 - 12:18 — Igor Donchenko
It's no surprise - surfing the Internet without a security software installed brings dangerous consequences, especially since the growth of Web threats have increased by nearly 2000 percent since 2005. According to Trend Micro threat researchers, more than 50 percent of the top 100 malware of 2008 came from the Internet and were accidentally downloaded by users surfing unknown or malicious Web sites.
The second highest source of infections (43 percent) is from malware already present on a system. Today's multi-component threats typically download one or more pieces of malware whose sole purpose is to hide in a specific file, then contact a remote location to retrieve the real payload such as data stealing malware.
Finally, email attachments from unknown or malicious sources bring the third highest source (12 percent) of infections. Other common ways to become infected include: clicking on links or accepting file transfers over instant messaging applications; downloading files offered via peer-to-peer connections; using removable drives such as thumb drives and portable/external hard drives; and failing to patch applications found to have vulnerabilities.
Even though regional data reflects the same general trend, there are slight variations. North America still has the highest amount of adware and is seeing significant growth in data-stealing malware that arrive via the Internet.
Malware borne by removable drives (portable/external hard drives, thumb drives, flash disks, memory cards, etc.) are at 29.31 percent in Asia and Australia, the highest compared to other regions. Most Asian countries have auto-run malware (malware that spread through removable devices) as their top infectors, the highest concentration compared to other regions. China is one exception -- the country has a high percentage of online gaming spyware, due to its large online gaming population.
The top malware infecting PCs in Europe, Middle East and Africa are Trojan downloaders, Trojans that install other malicious files to the computer system either by downloading them from a remote computer or by dropping them directly from a copy contained in its own code. Infections through malicious IFrames (Inline Frames, a popular Web design convention that enables one HTML document to be embedded inside another HTML document) are also popular within this region.
Latin America's top threats are varied in profile but the region is seeing a growth in multi-component attacks. Several malware found in PCs have in fact been dropped by other malware already present in the PC.