The Year in Malware… 2012 In Review

by News Editor on November 30th, 2012 in Researcher Comments.

What a year 2012 has been… Cyber thieves are constantly adapting their techniques to get hold of your private information, and this year has been no different. We wanted our Malware Lab team’s perspective on how the year has gone in terms of online security. We interviewed Malware Labs’ director, Andrew Browne, to find out his take on malware in 2012, and his team compiled a detailed report of the top malware trends of the year.

Q: In a nutshell, can you describe what type of year 2012 has been in terms of the online threats (new malware, etc.) that users are faced with?

A: A huge number of vulnerabilities in operating systems and applications were discovered in 2012, some of the more serious being two highly exploitable vulnerabilities in Oracle’s Java Runtime Environment (JRE). Because Java is multiplatform, Windows, Mac OS and Linux machines were all vulnerable. Attackers were able to spread malware by tricking users into visiting booby-trapped websites where the exploit code would be executed without requiring any user interaction. Oracle were aware of the problem in April but did not release a patch until some months later – the only solution was to take evasive action and disable Java in web browsers.

Q: 2012 saw a drastic increase in malicious malware threatening governments’ secret services, breaching accounts on social media networks, etc. With malware like Flame, for example, what was the biggest challenge that the bad guys presented this past year?

A: The Blackhole exploit kit. In recent years, crime-ware toolkits have taken the heavy lifting out of creating malware. For a fee and with little effort, hackers are using the Blackhole exploit kit to create swathes of difficult-to-detect polymorphic malware that can be used to compromise victims’ machines. Blackhole targets a wide array of vulnerabilities in Java and Adobe products - since these products are ubiquitous and generally infrequently patched by users, there is a huge attack platform for Blackhole-generated malware to exploit.

Q: As the Malware Go-To-Guy, when it comes to online security, everyone is vulnerable to cyber-attacks. Can you provide users with some tips and tactics for reducing these malicious attacks?

A: Needless to say, install an anti-malware application that has real-time protection capabilities and keep it up to date!

Operating system and application vulnerabilities are frequently exploited so it’s vital that they are kept up to date. Make sure that Windows is configured to automatically install security updates. It’s harder to stay on top of application updates - Secunia’s Personal Software Inspector will take care of searching for and installing updates automatically. It’s worth paying extra attention to making sure you have the latest versions of Java and Adobe products like Flash and Shockwave.

Beyond securing your operating system and applications, use different passwords on all social media, shopping and banking/financial transaction accounts, and choose strong passwords. Select a password with at least 8 characters combining letters, numbers and punctuation. For the adventurous, it would pay to learn how to make use of the NoScript browser plug-in - it blocks scripts that do not originate from the web page being currently viewed.

Q: Has the Malware Labs identified any trends in terms of your findings and research in 2012?

A: The outgoing year revealed several trends in the threats detected by the Lavasoft Lab. Among them we can mention several botnets, represented by the Vundo, Diacam, Carberp, Shiz, Nrgbot and ZeroAccess backdoors, which according to our ratings are still operating successfully. All of these backdoors are well-designed cyber weapons with rootkit components that help steal confidential information in a hidden way. Often the backdoors penetrate the user’s system by means of drive-by attacks in which the latest exploits for Java, Adobe Acrobat/Reader and Flash Player are used with additional obfuscation layers against antivirus detection. Once exploits are powerless due to up-to-date software, there is always a chance for social engineering techniques (spam, phishing). As such, only a reliable antivirus solution can protect users against all types of cyber-attacks. Let us discuss the most popular of them.

Top 20 Malware Blocked in 2012

Geography of Infections

The geography of malware uploads shows the United States as the biggest contributor of malware samples, which can also be explained by the large number of Lavasoft customers in North America.