Report: More Than 50 Percent Of Malware Infections Occurred In Education Sector In First Half Of 2010

During the first half of 2010, Europe sped through the spam-generating fast-lane, bypassing North and South Americas, and Asia-Pacific to earn the "Top Producer of Spam" title. Based on the Trend Micro semi-annual 2010 threat report, spam continued to grow between January and June 2010, with a brief lull during April. Despite common perception, porn consists of only 4 percent of all spam. Commercial, scams-based and health/medical categories make up 65 percent of the spam generated throughout the world, with HTML spam being the most commonly used technique by spammers.

According to the report, malicious URLs increased from 1.5 billion in January to over 3.5 billion in June. North America sourced the most malicious URLs, while Asia-Pacific had the most victims of malware infections. The top URLs blocked by Trend Micro were adult websites, as well as sites that hosted malicious variants such as IFRAME code, TROJ_AGENT, and JS_DLOADR.ATF.

TrendLabs, Trend Micro's global network of threat researchers, now handles around 250,000 samples each day.  Recent estimates though place the number of unique new malware samples introduced in a single day at greater than 60,000.

Trojans account for about 60 percent of new signatures, or antidotes, created by TrendLabs, and 53 percent of overall detections as of June. Backdoors and Trojan-spyware, often defined as crimeware or data-stealing malware, come in second and third places, respectively.  The majority of Trojans lead to data-stealing malware.

India and Brazil distinguished themselves by having the most botted computers, tools of choice by cybercriminals building botnets for distributing malware, perpetrating attacks and sending spam. Botnet herders – the cybercriminals behind the botnets -- earn millions of dollars in money stolen from innocent computer users. 

When it comes to malware infections by industry sector, education took the lead during the first half of 2010 -- nearly 50 percent of all malware infections occurred within schools and universities where IT and security staffers face the challenge of securing a complex, distributed and diverse infrastructure supporting countless students not likely to follow Internet security measures. The government and technology sectors follow next, each grabbing 10 percent of all malware infections.

According to the report, ZeuS and KOOBFACE made the most impact during the first half of 2010. ZeuS, crafted by an Eastern European organized crime network, is primarily a crimeware kit designed to steal users' online banking login credentials and other personal data. Small businesses and their banks are targeted by the thieves. Hundreds of new ZeuS variants are seen by Trend Micro every day, and this is not likely to change in the near future.

The KOOBFACE botnet achieved infamy as the largest social networking threat to date. In the early part of this year, TrendLabs experts noted that the KOOBFACE gang was continuously updating their botnet: changing the botnet's architecture, introducing new component binaries, and merging the botnet's functions with other binaries. They also began encrypting their command and control (C&C) communications to avoid monitoring and takedown by security researchers and the authorities.

Vulnerabilities in applications have always been a part of the security landscape. In the first half of 2010, Trend Micro threat researchers report a total of 2,552 Common Vulnerabilities and Exposures published, with many more that are privately reported to vendors and therefore not published externally.

For end users, vulnerabilities have facilitated "drive-by" threats, where all that is necessary to become infected by malware is to visit a compromised website. Servers are coming under attack as well, with cybercriminals exploiting un-patched vulnerabilities. While this may be more difficult than compromising a single user system, the potential reward for cybercriminals is greater.

Featured

  • CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    The Cybersecurity and Infrastructure Security Agency (CISA) recently announced the kickoff of the 20th Cybersecurity Awareness Month. Throughout October, CISA and the National Cybersecurity Alliance (NCA) will focus on ways to “Secure Our World” by educating the public on how to stay safe online. Read Now

  • Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

    October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3