Ever since the anti-malware industry started some twenty years ago threats have been getting more complex. We've always managed to cope. On the other hand we can see that the motives for writing malware have changed. And, what's probably more important, is that the very good coders are selling their stuff. This means that advanced malware has become more and more common over time. However we are constantly improving our technologies as well. These days anti-malware products are no longer just the standard signature scanners from five years ago. We have lots of different technologies to fight malware and signatures are just a part of that.
What do you see as the biggest online security threats today?
As referenced before the ID stealing malware is a great threat. The other major malware threat that is currently out there is called rogue anti-malware. This rogueware pretends to be an anti-malware product and produces all sorts of fake detections. If you want to remove the threats you need to pay up. This approach seems extremely effective and a lot of unsuspecting users, thinking they are doing the right thing, are falling for it.
Social networks also need to be mentioned here. There is a lot of danger in these networks. People are giving out a lot of information which can (indirectly) lead to spear phishing attacks on them or their friends. Social networks are already being used for the spread of malware and it's been reasonably successful. We can pretty easily warn user for this type of threat. But when it comes to the information disclosure issue it's very hard to educate people as there is not a lot of direct public proof of these attacks. This means that many people feel that the threat is overblown.
Based on statistics you collect, what countries stand out in malware production?
Before I can answer this question I need to clarify something. We can normally tell if malware has been created by a Chinese malware author. But as many of the malware authors are selling their creations we can't really say for sure who's responsible. The same goes for malware hosting. So we may see a malware sample originally authored by a Russian on a Chinese hosting server while the buyer of the trojan is German.
With that said we definitely see China as the main source at about 60% of the malware samples. This is followed by Russia/Ukraine and Latin America. From Latin America we are mostly seeing banker Trojans and phishing. China has gone from producing password stealers for online games such as World of Warcraft to a more generic offering. Russia has always been quite generic, with a focus on spam. It also still looks like the most advanced malware comes from Russia, but the Chinese malware authors are definitely working on that area.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.