RP drops from top 20 countries most hit by malware attacks

September 22, 2010 10:09 am 

MANILA, Sept. 22 – An internet security and content management developer Wednesday said the Philippines dropped from the top 20 countries that received malware (virus) attacks after being on the list for several months.

Kaspersky Lab, developer of internet security and content management, also said that Bangladesh took on the 19th place that was once occupied by the Philippines, which received 1.25 percent of infection attacks.

The Philippines also slid in the list of countries having servers that host malicious applications from 8th place in the first quarter of 2010 to 18th place in the second quarter, said Lab.

Company researchers attributed the slid to the falling popularity of the Philippines as a host for malicious applications, but said that while this is a positive trend for the country, this does not mean that the attacks have lessened.

Lab virus analyst Yury Namestnikov said the change is only 0.2 percent for the Philippines, adding there was a spike in activity of the peer-to-peer (P2P) worm Palevo, which also serves as bot-client.

Namestnikov warned that this particular worm “is very efficient, as an infected computer will be fully controlled by the source of the Palevo. It can spread through instant messengers like MSN, USB flash drives, and other P2P applications such as BearShare, Ares P2P, iMesh, Shareaza, Kazaa, among others.”

He also warned that the instant messaging (IM) malware known as IM-Worm.Win 32 Sohanad.bm has been detected in over 20 percent of Asia, making it the fourth most common malware in the world.

Namestnikov likewise warned that this prevalence of the IM-Worm.Win32.Sohanad.bm could increase in the coming months.

“The serious development of the Internet in the Philippines during the last several months together with slow growth of security awareness, will likely cause this country to make a comeback in the Top 20 list very soon,” Namestnikov said.

Kaspersky Lab reported that over half a billion computer-related attacks using malicious applications have been detected and blocked during the months of April to June 2010 in 288 countries.

”This number showed that infection attempts have grown by an average of 4.5 percent a month over a period of three months. The total number of malicious applications also increased by 0.7 percent during this period, with 8,540,223 attacks detected," it said.

The company also reported that 203,997,565 infection attempts were detected. The most common malicious software infection came from Trojan.Win32.Generic having 12.02 percent of all infections. This has remained at the top of all vulnerabilities since the first quarter of 2010.

According to the Kaspersky, 27 percent of these attacks were malicious scripts injected by cybercriminals into a variety of websites in attempts at targeting vulnerable computers.

Exploits in Adobe Reader remained the most common form of malware infection, it added.

The Kaspersky Lab said it also has detected 33,765,504 vulnerable files and applications in users’ computers. This shows that one in four computers had at least seven unpatched applications, which could lead to attacks by malicious software in the next few months.

The most common attacks against a single application are those that exploit vulnerabilities in Microsoft Office Excel, which is known to contain 39.45 percent of all known vulnerabilities.

The Botnets, a group of malicious applications running automatically and independently, remained at the top of Kaspersky’s list of malware incidents.

The company said it detected the creation of new bots, notably the ZeuS (Zbot) Trojan. A new modification for this particular botnet was detected in April this year that had a relatively unsophisticated code that attacked executiable (.exe) files. ZeuS primarily targets online banking accounts.

Another new botnet-making applications detected is TwitterNET Builder. While largely a proof-of-concept application, TwitterNET Builder builds new botnets using the popular microblogging site Twitter as a command-and-control-center.

Kaspersky Lab said one of the new botnets that came out using TwitterNET Builder is Backdoor.Win32.Twitbot, which can download and run files, conduct distributed denial-of-service (DDOS) attacks and open websites specified by the bot’s company owners.

While bots created using TwitterNET Builder were easily detected and eliminated, it points to potential use of popular social networking service to attack people’s computers.

Among the countries where attacks remained prevalent during second quarter of 2010 are China (17.09 percent), Russian Federation (11.36 percent), India (9.30 percent), United States (5.96 percent), Vietnam (5.44 percent), Germany (2.65 percent), Malaysia (2.37 percent), Saudi Arabia (2.19 percent), France (2.14 percent), and Ukraine (2.11 percent) in 10th place.((PNA)



Comments are closed.