Kaspersky Lab announces the publication of its Monthly Malware Statistics and highlights the new lengths cybercriminals are going to
Abingdon, UK, 4 May 2011 - March was testament to the fact that cybercriminals are not averse to exploiting tragedies in order to spread malware, according to the recent monthly malware report from Kaspersky Lab.
In March, scammers and malware writers used the devastating events in Japan to spread malicious links to their own versions of the “latest news”. Cybercriminals created malicious websites with content connected in some way to the disaster and sent out letters making emotional requests for money to be transferred to the message sender in order to help those who have suffered.
March also saw cybercriminals use Java exploits as a weapon of choice. Of the five exploits to appear in the Top 20 malicious programs on the Internet in March, three of them were for vulnerabilities in Java.
Malware writers were also surprisingly quick to react to announcements of new vulnerabilities. A good example of this is a vulnerability in Adobe Flash Player that allowed cybercriminals to gain control of a user’s computer. The vulnerability was announced by Adobe on 14 March and by the next day, Kaspersky Lab had already detected an exploit for it.
Protection against antivirus programs
Another notable trend was that the malevolent users behind HTML pages that are used in scams or to spread malware are constantly coming up with new ways to hide their creations from antivirus programs. In February cybercriminals were using Cascading Style Sheets (CSS) to protect scripts from being detected. Now, instead of CSS, they are using < textarea > tags on their malicious HTML pages. Cybercriminals use the tag as a container to store data that will later be used by the main script. For example, Trojan-Downloader.JS.Agent.fun at 9th position in the Top 20 rating of malicious programs on the Internet uses the data in the < textarea > tag to run other exploits.
In addition, according to Kaspersky Security Network (KSN) statistics, malware writers are actively modifying the exploits they use in drive-by attacks in order to avoid detection.
At the beginning of March, Kaspersky Lab’s experts detected infected versions of legitimate apps on Android Market. They contained root exploits that allow a malicious program to obtain root access on Android smartphones, giving full administrator-level access to the device’s operating system. As well as a root exploit, the malicious APK archive contained two other malicious components. One of them sent an XML file containing IMEI, IMSI and other device information to a remote server and awaited further instructions. The other component had Trojan-downloader functionality.
For a complete version of Kaspersky Lab’s March malware report, please visit http://www.securelist.com/en/analysis/204792170/Monthly_Malware_Statistics_March_2011
Kaspersky Lab Newsroom
Kaspersky Lab has launched a new online newsroom, Kaspersky Lab Newsroom Europe (http://newsroom.kaspersky.eu/en), for journalists throughout Europe. The newsroom is specifically designed to serve many of the media’s most common requests, making it easier for journalists to find product and corporate information, facts and figures, editorial copy, images, videos and audio files, as well as details about the appropriate PR contacts.
About Kaspersky Lab
Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers. Learn more at www.kaspersky.co.uk. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit http://www.securelist.com.
John Paul Charles
Telephone: 0118 988 2992
Fax: 0118 988 6911
Three Mile Cross
RG7 1BA, Reading
Kaspersky Lab UK
Telephone: 0871 789 1633
Milton Business Park
OX14 4RY, Oxford
© 2010 Kaspersky Lab. The information contained herein is subject to change without notice. The only warranties for Kaspersky Lab products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Kaspersky Lab shall not be liable for technical or editorial errors or omissions contained herein.