As usual, ESET has released its monthly Global Threat Trends Report, which will be available in due course at http://www.eset.com/threat-center/index.php.
There are no surprises in the top five malicious programs, which have the same rankings as in the September report. Clearly, not enough people are taking our accumulated advice on reducing the risk from Conficker, INF/Autorun and so on. :(
Something I didn't anticipate though is the dramatic upsurge in Win32/Flystudio detections. This class of threat has been around for a while. It did feature strongly in our July report, when it came in from nowhere to number 5, and then hovered around the lower reaches for a while. Well, this month it shot back from 46 to 6. Here's the description from the latest report.
6. Win32/FlyStudio
Previous Ranking: 46
The Win32/FlyStudio threat is designed to modify information inside the victim's Internet browser. This threat will modify search queries, with the intention of delivering advertisements to the user. Win32/FlyStudio seems to be targeting users located in China.
What does this mean for the End User?
FlyStudio is a popular scripting language, much used as a development tool in China. However, the malicious code is being reported in other regions too, including North America. This may mean that it has been deployed by other malware.
Win32/TrojanDownloader.Swizzor, however, has dropped out of the top ten.
Other items discussed include:
- The AMTSO workshop in Prague, which inspired lively debate about when, if ever, it's acceptable to create samples for testing, and the thorny issue of AMTSO compliance - what is it, and who can legimately claim it?
- An interesting exercise conducted by Christopher and Samir at the First International Workshop on Aggressive Alternative Computing and Security, in which they installed a number of scanners (including NOD32) then logged in as administrator and tried to disable them. We're pleased to note that our product was one of those fairly resistant to such tampering, but we're not convinced that this is a very useful way to test the efficacy of a product. I'll return to that shortly in a separate blog.
- The Halloween Search Engine Optimization (SEO) poisoning issue already blogged here.
Perhaps the most interesting, though, is the first sight of some statistics garnered from a cybercrime survey conducted by Competitive Edge Research and Communication Inc. on behalf of the Security Our eCity initiative, which ESET sponsors. We'll be talking more here about some of the data points from that report in the near future, but an issue that the October report focused on was the find that 63% of adults seem to think cyber criminals are mostly individual computer hackers, whereas only 21% regard organized crime as primarily responsible for cybercrime.
As the report suggests, In the last quarter of 2009, that’s a pretty frightening statistic. It may not matter to the individual computer user who is responsible for specific threats, as long as he takes the right countermeasures. But if people don't understand the nature of the threat properly (and the security industry is apparently failing to convey that information), it seems likely that they don’t understand what constitutes an appropriate countermeasure, either.
Someone asked me today to hazard a guess at the ratio of individuals to organized crime in the current threatscape. I don't really have information that specific, and automatically mistrust it when other companies offer it, unless I know it comes from someone who spends a lot of time interacting with people I wouldn't want to meet in a dark alley.
It depends on your definition of organized crime, I guess. There are plenty of horror stories about various flavours of mafia, but there are certainly also one-man-band criminals out there, not to mention the amateurs still throwing out Proof of Concept malware and probing systems for the hell of it, or the kudos of discovering a poorly protected site.
However, most attacks are profit-driven, and most profit-driven attacks appear to be made by gangs. On the other hand, a lot of what crosses my radar is freelancers offering specific services to anyone who’ll pay for banking Trojans, or 0-day exploits, or credit cards, or whatever. So the market is certainly “organized” but some of the players aren’t necessarily aligned with one group in particular: Having said that, though, if their services are “good” enough, I’d assume that they’ll catch the attention of the major gangs.
David Harley
Director of Malware Intelligence