Dr. Dobb's | Security Report Sees Malware Continued Growth

Security Report Sees Malware Continued Growth

IBM Internet Security Systems identifies and analyzes more than 210,000 new malware samples

September 17, 2007
URL:http://drdobbs.com/security/security-report-sees-malware-continued-g/201806862

According to a just-released security report from IBM, the volume and sophistication of malware continues to increase, at least when comparing the first half of 2007 with the first half of 2006. To date in 2007, IBM Internet Security Systems (ISS) X-Force research and development has identified and analyzed more than 210,000 new malware samples, exceeding the total number of malware samples observed in 2006.

The report, entitled Cyber Attacks on the Rise: IBM X-Force 2007 Midyear Report states that Trojans (seemingly legitimate files that are actually malware) comprise the most voluminous category of malware so far in 2007, accounting for 28 percent of all malware, in contrast to 2006 when Downloaders was the most common category. A Downloader is a low-profile piece of malware that installs itself so that it can later download and install a more sophisticated malware agent.

The use of Web exploit obfuscation continues to rise in 2007 in an attempt to make it difficult for signature-based intrusion detection and prevention products to detect attacks. In 2006, X-Force data reported that approximately 50 percent of Web sites hosting exploit material designed to infect browsers were obfuscating, or camouflaging, their attack. In the first half of 2007, that number reached 80 percent.

An unexpected trend in the report is that, for the first time, spam message size decreased instead of continuing on a linear growth pattern. This decrease corresponds with a decrease in image-based spam. Since mid-2005, image-based spam has been one of the biggest anti-spam challenges, but in the first half of 2007, the percentage of image-based spam declined to the level of mid-2006, at just over 30 percent. At the end of 2006, image-based spam accounted for more than 40 percent of spam messages.

"The decrease in spam message size and image-based spam is a result of spammers adopting and experimenting with newer techniques, such as PDF- and Excel-based spam, as a means to more successfully evade detection by anti-spam technologies," said Kris Lamb, director of X-Force for IBM Internet Security Systems.

The X-Force report also discusses the several key security statistics for the first half of 2007, among others:

January has so far been the busiest month of the year for vulnerabilities, with 600 disclosures.
Spain has taken South Korea's place as the highest source of phishing e-mails, accounting for 17.9 percent of the worldwide volume.
The percentage of vulnerabilities that can be exploited remotely has grown in the first half of 2007 to 90 percent versus 88 percent in 2006.
The percentage of vulnerabilities that allow an attacker to gain access to the host after successful exploitation has also risen slightly to 51.6 percent from 50.6 percent in 2006.
Currently, about 10 percent of the Internet consists of unwanted content such as pornography, crime, adult or socially deviant material.

For the remainder of 2007 and into 2008, X-Force expects to observe a lack of exponential growth in vulnerabilities disclosed, the continued growth of targeted and boutique malware such as Trojans and a continued rise in obfuscation techniques for Web-based threats.