Ransomware, Trojans, Mobile Viruses and Cross-Platform Malware Set to increase, Says Kaspersky Lab

Send to friend

The first six months of 2006 were characterised by ransomware, an increase in Trojans, and viruses that can attack multiple operating systems and regular mobile phones, according to new half-year reports written by senior virus analysts at Kaspersky Lab, one of the worlds leading anti-virus companies. 

Ransomware

In January 2006, ransomware whereby a criminal sends a program that encrypts the files on a victim PC and then blackmails the owner into paying to have the files decrypted was represented by just one Trojan Trojan.Win32.Krotten. According to the Kaspersky Security Bulletin, January - June 2006: Malware Evolution report (http://www.viruslist.com/en/analysis?pubid=198968167), however, instances of ransomware have since increased in both intensity and number. Yury Mashevsky, Virus Analyst, Kaspersky Lab, elaborates: Gpcode followed Krotten in late January and evolved rapidly, extending the length of the encryption key from 56 bits to 660.

In the space of the first six months, the number of Trojans used for ransomware increased from two to six. At the peak of their development, the attacks were limited mainly to Russia and the CIS. But by the end of July, the authors of these programs had clearly branched out, as ransomware cases were seen in Germany, the UK and several other countries.

Trojans

Its not just Trojans used specifically for ransomware that are increasing, however. The report shows that, collectively, Trojans are developing faster than any other class of malicious code, with the number of new Trojan variants increasing during the first six months of this year by nine per cent compared to the last six months of 2005. 

The four most common types of Trojan Backdoor, Trojan-Downloader, Trojan-Spy and Trojan-PSW share a key commonality: they can all be used to steal personal data or create a botnet of victim computers, which in turn can be used to generate significant amounts of money for the criminally minded.

Viruses and worms, conversely, are no longer in vogue. The number of new variants of existing viruses and worms fell by 1.1 per cent during the first half of 2006. Explains Mashevsky: This decline can be attributed to simple economics it is less expensive to develop a primitive Trojan program than it is to create self-replicating malicious code, such as a worm.

 Mobile malware

The Kaspersky Security Bulletin, January - June 2006: Malicious programs for mobile devices report (http://www.viruslist.com/en/analysis?pubid=198981193) claims that malicious programs for mobile devices are set to rise, including cross-platform mobile malware.

According to the report, malware for Symbian OS, the most popular platform for smartphones, has now reached the stage where it is being developed for profit. In April, the first Trojan-spy for Symbian Flexispy was discovered. Flexispy relays information about the victims calls and SMS messages to the criminal.

Windows Mobile, currently the second most popular platform for smartphones, also attracted the attention of malware writers in the first half of the year.

Says Aleks Gostev, Senior Virus Analyst, Kaspersky Lab: Two new mobile malware samples were discovered during this period, and while they may only be proof of concept viruses, they could certainly provide inspiration for other malware writers with ambitions in this area.

Cross-platform malware for mobile devices was also evidenced in the first half of 2006, the first example being the Cxover virus. Cxover begins by checking which operating system is working on the infected device.  If launched on a PC, the virus searches for mobile devices accessible via ActiveSync.  Cxover then copies itself via ActiveSync onto all accessible mobile devices.  Once the virus is on a mobile device it attempts to copy itself onto accessible PCs.  In addition, it deletes user files on infected devices. The boundary between stationary and mobile devices is getting thinner and thinner, which is something that will cause serious concern in the future, says Gostev.

Its not just smartphones that are coming under attack; regular mobile phones have also been targeted. In February, Kaseprsky detected Trojan-SMS.J2ME.RedBrowser, the first piece of malware that could infect any mobile phone capable of running Java (J2ME) applications.

Almost 100 per cent of all mobile malware is designed to run under Symbian, and consequently Symbian will continue to be the target for cyber criminals for at least the next six months, observes Gostev.

However, Windows Mobile is the second most popular operating system for mobile devices and is gaining ground rapidly, meaning there will be more malware for Windows Mobile in the future. Windows Mobile malware is also easier to code because of its similarity to regular Windows platforms

Non-Windows malware

The Kaspersky Security Bulletin, January - June 2006: Malware for non Win32 platforms report (http://www.viruslist.com/en/analysis?pubid=198977709) highlights an increase in malware for non-Windows operating systems, with a number of proof-of-concept malicious programs appearing in early February. The first, Leap, spreads via the OS X instant messaging service, iChat, and sends itself to all contacts listed in the address book. The second, Inqtana, spreads via Bluetooth.

While both of these programs are proof-of-concept worms, their existence demonstrates that it is possible to create such a program, says Konstantin Sopranov, Virus Analyst, Kaspersky Lab.

Geographical origins of todays malware

The Kaspersky Security Bulletin, January - June 2006: Internet Attacks (http://www.viruslist.com/en/analysis?pubid=198981117) report isolates the origins of internet attacks. Back in 2004, the US was the main source of internet attacks intercepted by Kaspersky Lab. In 2005, however, the US was overtaken by China. This year, the situation has reversed again, with an enormous 40 per cent of all attacks worldwide again originating from the US and only 17 per cent coming from China. This percentage reversal is not because of a decrease in the number of attacks coming from China, but because of the huge increase in the number of attacks coming from the US.

South Korea, which was in third place last year, has dropped to ninth, with its place being taken by the Philippines. Germany also demonstrates a noticeable ascending trend; in comparison to last year, Kaspersky Lab intercepted, on average, three times more attacks originating in Germany.

Another notable change is France, which moved up to sixth place in comparison with fourteenth place last year. Russia has moved in the opposite direction, dropping from sixth to tenth place.

Geographical distribution of Internet attacks and probes, Jan-June 2006:

 

Rank

Country

Percentage of total

1

USA

40.60

2

China

17.22

3

The Philippines

4.58

4

Germany

4.14

5

Canada

2.63

6

France

2.61

7

United Kingdom

2.25

8

Japan

2.14

9

South Korea

2.09

10

Russia

1.77

11

Hong Kong

1.63

12

Netherlands

1.32

13

Taiwan

1.22

14

Spain

0.74

15

Mexico

0.73

16

Italy

0.69

17

Norway

0.67

18

Australia

0.66

19

Sweden

0.62

20

Belgium

0.42

 

Comments (0)

Add a Comment

This thread has been closed from taking new comments.