Millions exposed to identity theft

Panda Security study Reveals Alarming Global Infection Rates of Identity Theft Malware

Panda Security, the global IT security vendor, has revealed that more 10 million users worldwide were infected with active identity theft-based malware. The findings are the result of a comprehensive identity theft study (in which 67 million computers were analysed last year) conducted by the company's malware analysis and detection laboratory. Panda found

According to one recent study published by an independent research firm, the average cost per ID theft incident in the U.S. is $496.00 (R4960), putting the total estimated risk of ID theft from malware in this country alone at approximately $1.5 billion (R15 billion) .

The Panda investigation revealed that 1.07% of all PCs scanned in 2008 were infected by identity theft-related active malware (such as banker Trojans) with the number of PCs infected with identify theft malware increasing by 800% from the first half of 2008 to the second half. Based on the trend of the previous 14 months, Panda predicts that the infection rate will increase by an additional 336 percent per month throughout 2009.

According to the Federal Trade Commission (FTC), the average time victims spend resolving identity theft issues is 30 hours per incident. The cumulative cost in hours alone from identity theft related malware based on Panda Security's projected infection rate could reach 90 million hours.  

The Panda study revealed that an alarming 35% of the PCs infected with this type of malware were using up-to-date antivirus software.

‘Antivirus labs are receiving a massive amount of new malware samples each day and antivirus vendors are continually updating their services to keep up with the overwhelming volume of new malware surfacing each day,' says Jeremy Matthews, head of Panda's sub-Saharan operations. ‘AV detection labs such as PandaLabs have made advances in automated detection and classification capabilities. These new detection methods as well as improved surveillance and cloud-based detection techniques have reduced the risk of individual identity theft incidents and its associated costs.'

Matthews adds that while some global banks have made changes to banking authentication (like in Brazil) – using electronic tokens and virtual keyboard – but these approaches are still being reluctantly adopted elsewhere.

‘We must become aware of the dangers of malware identity theft and protect ourselves from the serious potential losses, both in time and money,' concludes Matthews.

The most common origins of these banker Trojans are China and Russia, with Korea and Brazil also emerging as countries of origin for these threats. To see a chart outlining the origins of banker Trojans, please access the following link: http://farm4.static.flickr.com/3565/3341624488_c393093820_m.jpg

Other general, non-banker Trojan, forms of identity theft malware steal usernames and passwords to chat, games or applications as well as personal information. The most common types of non-banker Trojan identity theft malware are:

Trj/Lineage
W32/Lineage.worm
Trj/Legmir
Trj/Wow
W32/Wow.worm
Trj/MSNPassword
Trj/PassStealer
Trj/QQPass

Check out Panda's internet safety blog www.cybersafety.co.za for more information.
Alex Matthews
Marketing & Communications | Sub-Saharan Africa

PANDA SECURITY One step ahead .

+27 (0)21 683 3899
+27 (0) 72 484 9206

twitter.com/PandaSecurityZA
cybersafety.co.za
pandasecurity.com