Sophos, a world leader in IT security, has published its
Security Threat Report 2007, examining the threat landscape over
the previous twelve months, and predicting malware and spam
developments during 2007.
The report - which can be downloaded here - reveals that the US hosts more than one
third of the websites containing malicious code identified during
2006, as well as relaying more spam than any other nation.
The Sophos Security Threat Report 2007 examines in detail the
top ten malware threats of the last year, and also confirms that
malware authors are continuing to turn their backs on large-scale
attacks in favor of more focused strikes against computer
users.
Microsoft Windows continues to be the primary target for
hackers, with internet criminals increasingly manufacturing
downloading Trojan horses rather than mass-mailing worms to do
their dirty work for them.
Countries hosting websites containing malware
The top ten countries hosting web-based malware during 2006,
according to the experts at SophosLabs™, were:
| Position | Country | Percentage |
|---|---|---|
| 1 | United States | |
| 2 | China | |
| 3 | Russian Federation | |
| 4 | Netherlands | |
| 5 | Ukraine | |
| 6 | France | |
| 7 | Taiwan | |
| 8 | Germany | |
| 9 | Hong Kong | |
| 10 | Korea | |
| Others | | 10.5% |
"The US remains a hot spot for online criminal activity, and
despite authorities' continued efforts to clamp down on cybercrime,
too many US-hosted websites still have lax security measures in
place," said Carole
Theriault, senior security consultant for Sophos. "Given the
effectiveness of web-based attacks, web hosting companies in the US
and elsewhere need to step up their policing of published content,
and ensure that malicious code is quickly removed, before innocent
users get hit."
Dirty dozen spam-relaying countries
In addition to hosting the largest number of malicious websites,
the US continues to top the list of worst spam-relaying nations.
While the US has made good progress in its efforts to reduce
spam-relaying statistics, there was still more spam sent from US
computers in 2006 than any other single nation.
The top twelve spam-relaying countries during 2006 were:
| Position | Country | Percentage |
|---|---|---|
| 1 | United States | |
| 2 | China (incl Hong Kong) | |
| 3 | South Korea | |
| 4 | France | |
| 5 | Spain | |
| 6 | Poland | |
| 7 | Brazil | |
| 8 | Italy | |
| 9 | Germany | |
| 10 | United Kingdom | |
| =11 | Russia | |
| =11 | Taiwan | |
| Others | | 24.4% |
Sophos experts note that up to 90% of all spam is now relayed
from zombie computers, hijacked by Trojan horses, worms and viruses
under the control of hackers. This means that they do not need to
be based in the same country as the computers being used to send
the spam.
Email threats decline while malicious web content grows
Sophos found that the most prolific email threats during 2006
were the Mytob, Netsky, Sober and Zafi families of worms, which
together accounted for more than 75% of all infected email.
However, Sophos predicts that 2007 is likely to see a significant
shift away from the use of email security threats, with
cybercriminals instead looking to exploit the continued global
growth in web use, as well as user-defined web content.
Email will continue to be an important vector for malware
authors, though the increasing adoption of email gateway security
is making hackers turn to other routes for infection. The number of
websites being infected with malware is on the rise: SophosLabs is
currently uncovering an average of 5,000 new URLs hosting malicious
code each day.
"The internet now represents the easiest way for cybercriminals
to gain entry to corporate networks, as more users are accessing
unregulated sites, downloading applications and streaming
audio/video, potentially jeopardising security in the process,"
continued Theriault. "A great many businesses aren't geared up to
gain insight into users' online behaviour, let alone control it,
and it's vital that they now begin to examine ways to incorporate
web security into their overall IT security strategy."
Trojans taking over from spyware
During 2006 Sophos saw a decrease in the use of traditional
spyware, in favour of multiple Trojan downloaders. The hacker sends
a 'special offer' (or similar) email in an attempt to dupe
recipients into visiting a website containing a malicious
downloader. The executable file will attempt to download additional
Trojans, a process that may be repeated multiple times to try and
disable all security defences, before it downloads a spyware
component - which will then have a better chance of success.
Statistics reveal that in January 2006 spyware accounted for
50.43% of all infected email, while 40.32% were emails linking to
websites containing Trojan downloaders. By December 2006 the
figures had been reversed, with the latter now accounting for
51.24%, and spyware-infected emails reduced to 41.87%. This trend
looks set to continue into 2007 and beyond.
Malware types differ according to location
Sophos notes that 30% of all malware is now written in China,
most of it taking the form of Trojans used for gaining a backdoor
into users' computers. Surprisingly, 17% of malware written in
China is designed for the specific purpose of stealing passwords
from online gamers. In contrast, malware authors based in Brazil
are responsible for 14.2% of all malware, the majority of which is
designed to steal information from online bankers.
"It's interesting to see how malware varies depending on
location, often exploiting current country-specific online trends.
Identifying the source of the malware helps security experts and
authorities strengthen criminal profiles and bring the perpetrators
to justice," added Theriault.
Sophos detected 41,536 new pieces of malware in 2006, bringing
the total protected against to 207,684. Of these threats, Trojans
now outnumber Windows viruses and worms by 4:1. The proportion of
infected emails was down from 1 in 44 during 2005 to just 1 in 337
during 2006.
The full report, which also covers the top ten malware threats
of 2006, predictions for 2007, and emerging threats such as
ransomware and scareware, can be downloaded from the Sophos
website:
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.