In 2005, PandaLabs registered a significant increase, of over 240 percent, in the number of new malware specimens received. In total, there were over 46,000 new threats, including viruses, worms, Trojans, bots and other types of malware, compared to over 13,000 detected in 2004.
Of the total figure, bots accounted for 10,000 new detections in 2005. The number of new viruses, on the other hand, decreased dramatically, whereas the percentages of worms and Trojans detected were still significant.
“2005 stands out for two reasons: the huge increase in the number of malware specimens and the lack of visible epidemics,” says Luis Corrons, director of PandaLabs. “The combination of these two factors leads us to think that the cyber-crime world intends to use this situation as a smoke screen to keep us busy while they carry out lucrative activities, like designing made-to-measure malware or industrial espionage. Situations like that of November 2005, when 5 worms from the Sober family were released in a few hours, with over 350 slight variations, clearly demonstrate this.”
Many of these detections were samples sent by computers with Panda Software’s TruPrevent™ Technologies installed. These technologies proactively detect unknown malware by analyzing its behavior, before it has been identified. PandaLabs currently detects around 300 new variants a day using these and other technologies. Therefore, by the end of this year, the number of new variants detected could exceed 100,000, more than the computer threats detected in the previous 20 years.
“TruPrevent™ has been essential in this aspect and considering the new malware panorama, its ‘intelligent’ approach becomes more important every day,” explains Luis Corrons. “They allow us to rapidly receive samples of new malware specimens from around the world, and this has improved our response time and effectiveness against this avalanche of new malware. However, what really matters is that they also allow us to act against the silent activities carried out by threats designed to target a specific computer or company, whereas traditional technologies are useless in these situations.”
Panda Software has published the PandaLabs 2005 Annual Malware Report, an analysis of developments in the malware panorama over the last year and a reflection on the possible trends of 2006. In this report, PandaLabs underlines the changing tendency in malware creation towards greater professionalization in the sector, and highlights one of the key points in terms of IT security in 2005: the rise of targeted attacks and à la carte malware.
One of the main observations of this annual report is the professionalization of malware creators, who are now largely motivated by financial gain. “The time in which malware creators were seeking notoriety and recognition for their creations has long since gone,” argues the report.
“Cyber-crooks, motivated by profit, have adapted well to the new environment: they are now looking to silent infections to allow them to operate without too much noise being made in the media”, explains Luis Corrons, director of PandaLabs. “This means potential victims do not have their guard up and are more susceptible to theft of both money and all types of information”.
This situation represents a new business model based on malware, with an alliance of developers, distributors and companies making use of this infrastructure. A clear example of this is the more than 10,000 unique variants of new bots (“robots”, or programs that infect computers and listen for commands from their creator, normally via IRC) detected by PandaLabs in 2005.
“Bots, along with à la carte malware, are the main tools used by these new criminals, and they enable them to tackle highly complex operations”, explains Luis Corrons. “These bots form part of extensive networks that can be rented out on the black market and can be used for anything from denial of service attacks to silently installing other types of malware”.
The report also looks at one of the main IT security stories in the world during 2005, the industrial espionage case that happened in Israel. In this case, an important group of companies was the victim of a targeted attack using specially crafted malware.
“The infamous case in Israel is unfortunately no more than the tip of the iceberg”, says Luis Corrons. “Other companies around the world could be being spied on and the fact that antivirus companies don't have samples of the malicious code means that signature-based protection is useless. For this reason proactive protection, such as TruPrevent™, is so important, as it is an effective way of fighting against this new branch of cyber crime.”
For more information, you can download the PandaLabs Annual Report 2005 from the Panda Software website at: http://www.pandasoftware.com/pandalabsreport/