Following are highlights on PandaLabs’ key findings on the evolution of online identity theft:
- 1.07 percent of all PCs scanned in 2008 were infected with active malware (resident in memory during the scan) related to identity theft, such as banker Trojans
- 35 percent of the infected PCs had up-to-date antivirus software installed
- The number of PCs infected with identify theft malware increased by 800 percent from the first half of 2008 to the second half
- Arizona, California and Florida continue to be the states with the highest per-capita incidence of reported identity theft
- PandaLabs predicts that the infection rate will increase by an additional 336 percent per month throughout 2009, based on the trend of the previous 14 months.
The study revealed that an alarming 35 percent of the PCs infected with this type of malware were using up-to-date antivirus software. Antivirus labs are receiving a massive amount of new malware samples each day (30,000 new samples per day according to PandaLabs), and antivirus vendors are continually updating their services to keep up with the overwhelming volume of new malware surfacing each day.
AV detection labs such as PandaLabs have made advances in automated detection and classification capabilities. These new detection methods as well as improved surveillance and cloud-based detection techniques have reduced the risk of individual identity theft incidents and its associated costs. Some global banks, notably in Brazil, have made changes to banking authentications using electronic tokens and virtual keyboards, but these approaches have been slow to be adopted in the U.S.
Banker Trojans are malware specifically created to steal user account information from banks and their customers. Trojans have increased in sophistication and are now able to easily update and expand the list of banks they can attack via the Internet. The top families of banker Trojans that are the most prevalent in infiltrating users’ systems are:
The most common origins of these banker Trojans are China and Russia, with Korea and Brazil also emerging as countries of origin for these threats.
Other general, non-banker Trojan, forms of identity theft malware steal usernames and passwords to chat, games or applications as well as personal information. The most common types of non-banker Trojan identity theft malware are: