After analysing vast numbers of IT threats during the second quarter of 2011, Kaspersky Lab’s experts identified a number of important trends.
Navigating the web remains the riskiest activity on the Internet, with malicious URLs that serve exploit kits, bots, ransomware Trojans, etc. being the most frequently detected objects (65.44%) online.
Interestingly, 87% of the websites used to spread malicious programs were concentrated in just 10 countries. The first two places in this particular “top 10” were occupied by the US (28.53%) and Russia (15.99%).
The Netherlands leads the way in reducing the number of malicious hosting sites: compared to the previous quarter, its share has fallen by 4.3% to 7.57%. This is primarily due to the efforts of the Dutch police, including the neutralising of botnets such as Bredolab and Rustock.
Kaspersky Lab experts have divided countries into groups according to their local infection levels. These include:
· High-risk countries (41-60% unique users subject to web attacks). This group includes: Oman, Russia, Iraq, Azerbaijan, Armenia, Sudan, Saudi Arabia and Belarus. Newcomers to this group in Q2 were Sudan and Saudi Arabia, while Kazakhstan dropped down a level.
· Average risk group (21-41%). This group was made up of 94 countries, including: the US (40.2%), China (34.8%), the UK (34.6%), Brazil (29.6%), Peru (28.4%), Spain (27.4%), Italy (26.5%), France (26.1%), Sweden (25.3%) and the Netherlands (22.3%). It is particularly noteworthy that the US, at 40.2%, is very close to joining the high-risk group of countries due to the increase in the number of FakeAV detections.
· Safe-surfing countries (11.4-21%). This group comprised 28 countries and included Switzerland (20.9%), Poland (20.2%), Singapore (19.6%) and Germany (19.1%). In the second quarter of 2011, five countries left this group, including Finland, which entered a higher risk group with 22.1%.
India was among the top 10 countries in which users’ computers ran the highest risk of local infection. Every second computer in the country was at risk of local infection at least once in the past three months.
“Over the last few years, India has been growing steadily more attractive to cybercriminals as the number of computers in the country increases steadily. Other factors that attract the cybercriminals include a low overall level of computer literacy and the prevalence of pirated software that is never updated,” explains Yury Namestnikov, Senior Virus Analyst at Kaspersky Lab.
“Botnet controllers see India as a place with millions of unprotected and unpatched computers which can remain active on zombie networks for extended periods of time.”
The five safest countries, in terms of the level of local infections, are: Japan (with 8.2% of unique users affected), Germany (9.4%), Denmark (9.7%), Luxembourg (10%) and Switzerland (10.3%).
For the very first time in its history, the Top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found in Adobe Flash Player alone. Microsoft products have disappeared from this ranking due to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs.
The second quarter of 2011 was eventful in terms of the hacking of major companies, with the list of victims including Sony, Honda, Fox News, Epsilon and Citibank. The evidence surrounding the hacking of Sony’s services indicates that the main objective of the hackers was not to earn a quick buck. Rather, it was part of a wave of “hacktivism” — hacking or bringing down systems in protest against the actions of governments or large corporations — which is continuing to gain momentum. In the first quarter of this year a new group called LulzSec emerged, which over the course of 50 days succeeded in hacking a number of systems and publishing the personal information of tens of thousands of users.
During the second quarter of 2011, the number of fake antivirus programs detected globally by Kaspersky Lab began to increase – the number of users whose computers blocked attempts to install counterfeit software increased 300% in just three months.
According to Kaspersky Lab’s experts, the number of mobile threats targeting different mobile platforms continues to increase exponentially – detected threats running on J2ME doubled during Q2 2011, while the number of detections of malicious programs targeting Android nearly tripled. Once again, malicious programs were detected in the official Android store, Android Market.
The growing popularity of bitcoin, a special program that allows “money” to be generated on users’ computers, is a magnet to those who seek to acquire money by illegal means. Encrypted wallets containing money can be stored on users’ computers and access can be gained to these wallets by entering the right password. Malicious users typically steal the wallets first and then try to determine the passwords afterwards.
A relatively simple Trojan was detected in Q2 that sent bitcoin wallets to malicious users when launched. This led the cybercriminals to come up with the novel idea of making unsuspecting users engage in bitcoin mining for them. In late June, Kaspersky Lab discovered a malicious program consisting of a legitimate bitcoin mining program (bcm) controlled by a Trojan module. After the Trojan is launched, the infected computer begins to generate bitcoins for the malicious users.