In January 2006, ransomware whereby a criminal sends a program that encrypts the files on a victim PC and then blackmails the owner into paying to have the files decrypted was represented by just one Trojan Trojan.Win32.Krotten. According to the Kaspersky Security Bulletin, January - June 2006: Malware Evolution report (http://www.viruslist.com/en/analysis?pubid=198968167), however, instances of ransomware have since increased in both intensity and number. Yury Mashevsky, Virus Analyst, Kaspersky Lab, elaborates: Gpcode followed Krotten in late January and evolved rapidly, extending the length of the encryption key from 56 bits to 660.
In the space of the first six months, the number of Trojans used for ransomware increased from two to six. At the peak of their development, the attacks were limited mainly to
Its not just Trojans used specifically for ransomware that are increasing, however. The report shows that, collectively, Trojans are developing faster than any other class of malicious code, with the number of new Trojan variants increasing during the first six months of this year by nine per cent compared to the last six months of 2005.
The four most common types of Trojan Backdoor, Trojan-Downloader, Trojan-Spy and Trojan-PSW share a key commonality: they can all be used to steal personal data or create a botnet of victim computers, which in turn can be used to generate significant amounts of money for the criminally minded.
Viruses and worms, conversely, are no longer in vogue. The number of new variants of existing viruses and worms fell by 1.1 per cent during the first half of 2006. Explains Mashevsky: This decline can be attributed to simple economics it is less expensive to develop a primitive Trojan program than it is to create self-replicating malicious code, such as a worm.
The Kaspersky Security Bulletin, January - June 2006: Malicious programs for mobile devices report (http://www.viruslist.com/en/analysis?pubid=198981193) claims that malicious programs for mobile devices are set to rise, including cross-platform mobile malware.
According to the report, malware for Symbian OS, the most popular platform for smartphones, has now reached the stage where it is being developed for profit. In April, the first Trojan-spy for Symbian Flexispy was discovered. Flexispy relays information about the victims calls and SMS messages to the criminal.
Windows Mobile, currently the second most popular platform for smartphones, also attracted the attention of malware writers in the first half of the year.
Says Aleks Gostev, Senior Virus Analyst, Kaspersky Lab: Two new mobile malware samples were discovered during this period, and while they may only be proof of concept viruses, they could certainly provide inspiration for other malware writers with ambitions in this area.
Cross-platform malware for mobile devices was also evidenced in the first half of 2006, the first example being the Cxover virus. Cxover begins by checking which operating system is working on the infected device. If launched on a PC, the virus searches for mobile devices accessible via ActiveSync. Cxover then copies itself via ActiveSync onto all accessible mobile devices. Once the virus is on a mobile device it attempts to copy itself onto accessible PCs. In addition, it deletes user files on infected devices. The boundary between stationary and mobile devices is getting thinner and thinner, which is something that will cause serious concern in the future, says Gostev.
Its not just smartphones that are coming under attack; regular mobile phones have also been targeted. In February, Kaseprsky detected Trojan-SMS.J2ME.RedBrowser, the first piece of malware that could infect any mobile phone capable of running Java (J2ME) applications.
Almost 100 per cent of all mobile malware is designed to run under Symbian, and consequently Symbian will continue to be the target for cyber criminals for at least the next six months, observes Gostev.
However, Windows Mobile is the second most popular operating system for mobile devices and is gaining ground rapidly, meaning there will be more malware for Windows Mobile in the future. Windows Mobile malware is also easier to code because of its similarity to regular Windows platforms
The Kaspersky Security Bulletin, January - June 2006: Malware for non Win32 platforms report (http://www.viruslist.com/en/analysis?pubid=198977709) highlights an increase in malware for non-Windows operating systems, with a number of proof-of-concept malicious programs appearing in early February. The first, Leap, spreads via the OS X instant messaging service, iChat, and sends itself to all contacts listed in the address book. The second, Inqtana, spreads via Bluetooth.
While both of these programs are proof-of-concept worms, their existence demonstrates that it is possible to create such a program, says Konstantin Sopranov, Virus Analyst, Kaspersky Lab.
Geographical origins of todays malware
The Kaspersky Security Bulletin, January - June 2006: Internet Attacks (http://www.viruslist.com/en/analysis?pubid=198981117) report isolates the origins of internet attacks. Back in 2004, the
Another notable change is
Geographical distribution of Internet attacks and probes, Jan-June 2006:
Percentage of total