AhnLab Research Identifies Latest Threats to Online Security in Third Quarter

ASEC Report Finds that Trojans Remain Most Reported Malicious Code in Third Quarter

(04.11.11) - Trojans remain the most reported malicious code in the third quarter according to recent findings from AhnLab Inc. In the most recent "AhnLab Security Emergency Response Center" (ASEC) report, Trojans represented the most reported malicious code at 37.2 percent, as well as accounting for 36 percent of the top new malicious codes during the third quarter of 2011.

Based on a sampling pool of users in South Korea, Trojans dominated the top twenty most reported malicious codes for the third quarter, followed by script (20.7 percent), and worm (10.8 percent). When examining the top 20 malicious codes reported in the third quarter of 2011, Textimage/Autorun ranks top at 16.2 percent (1,702,118 reported cases), followed by JS/Agent at 13.6 percent (1,429,508 reported cases) and the new Html/Agent at 9.7 percent (1,016,109 reported cases).

"Korea is regarded as one of the most advanced markets when it comes to IT, and we have found that research around threats and prevention in this market can reflect international patterns,” said Mr. Hongsun Kim, CEO of AhnLab. "The most recent ASEC report serves as an important reminder to users to remain alert to, and conscientious of, the myriad attacks threatening online security.”

The third quarter saw a decrease in malicious code reports as compared to the previous quarter, which dropped 6,601,706 to 39,606,178. However, 13 new malicious identified codes made up part of the top 20 malicious codes for the quarter.

Trojans are the most reported new malicious code, representing 36 percent of the top reported new malicious codes. It is followed by script at 22 percent and adware at 12 percent. Specifically, TextImage/Autorun is the most reported new malicious code at 17.1 percent (1,699,603 reported cases) of the top 20 new malicious codes, followed by JS/Agent at 14.4 percent (1,429,439 reported cases).

According to AhnLab’s security program, SiteGuard, in the third quarter the number of reported malicious codes increased 34 percent to 253,613 codes, as compared to the previous quarter. Furthermore, the number of reported types of malicious code increased 11 percent to 2,296 compared to the previous quarter. On the other hand, the number of reported domains with malicious code decreased by 5 percent to 1,971 as compared to the previous quarter.

The ASEC Report revealed that Microsoft security updates continue to demonstrate vulnerabilities. As in the first and second quarters, system vulnerabilities were the most prominent, marking

41 percent of updates, while IE vulnerabilities marked the least amount of updates at 4 percent.

Global Malicious Code Trends - Third Quarter

In its most recent ASEC report, AhnLab emphasizes that malicious code trends in the third quarter are similar to that of the second quarter. The number of malicious codes distributed by exploiting vulnerabilities remains high.

As has been seen previously, most malicious code variants are restricted by specific regions. As regionalization of malicious codes becomes more pervasive, global malicious code statistics are no longer significant. Distribution of malicious codes remains common by hacking websites and exploiting vulnerabilities to insert malicious codes. However, distributing malicious codes via email or social network sites, such as Facebook and Twitter is also becoming increasingly common.

Bootkits, a type of malware that infects the Master Boot Record and allows malicious programs to be executed before the operating system boots, were also on the rise in the third quarter. In August, a new malware that modifies and infects Award BIOS was reported, and in September a bootkit that downloads online game hacking malware was reported in South Korea. While numerous bootkits have appeared, they are not multiplying as these are more difficult to create compared to other malware. However, as bootkits are not easily detected and difficult to remove, cyber criminals are increasingly interested in their development.

Threats to smartphone security remain an issue in the third quarter. A malware posing as a PDF file was reported to infect Mac OS X and a new piece of Android Malware called GingerMaster has been found exploiting Android 2.3 (Gingerbread). GingerMaster exploits Android 2.3 and harvests data on infected Android smartphones and then sends the stolen information to a remote server. AhnLab cautions that extra care must be taken as smartphone security threats will continue to increase.

Cloud computing represents one of the most exciting technology trends and the antivirus industry has not been slow to embrace this opportunity. In fact, AhnLab, Inc. has added a cloud-based technology, AhnLab Smart Defense (ASD) to its product line. Hackers and cyber criminals have also been quick to take advantage of this trend and a rogue cloud antivirus ‘OpenCloud Antivirus’ was reported in September. This rogue system pretends to scan the system and claims to identify multiple infected files. Similar to other rogue antivirus, this system will trick victims into purchasing a license for the software. AhnLab warns users to exercise caution when implementing a cloud antivirus system. (AhnLab: ra)