Press Release

Kaspersky: Worry About Trojans, Mobile Phone Worms

Russian security giant Kaspersky Lab, publisher of the well-regarded Kaspersky Internet Security 2009, on Wednesday released its mid-year report on current trends in malware along with a report on spam trends.

The full two-part report is quite lengthy; here are some of the high points.

New Malware Categories

Kaspersky divides active malware threats into two main groups, TrojWare and VirWare. VirWare refers to viruses, worms, and any malicious software that can propagate independently. TrojWare includes backdoors, rootkits, Trojans, and any malicious software that only propagates if it can trick a user into launching it. The average consumer may fear viruses more, but 92 percent of threats observed by Kaspersky fall in the TrojWare category.

Researchers at Kaspersky Lab further break these categories down by behavior. Based on analysis of threats found in the first half of this year, the firm introduced several new categories of malware. One, Trojan-Ransom, will "encrypt user files in order to demand money from the user in return for the files being restored," according to Kaspersky. Another, Trojan-GameThief, steals login credentials for specific popular online games. Not a serious threat? A World of Warcraft player who's spent months building a character and accumulating online loot would surely disagree.

Kaspersky also reports a change in direction for the budding mobile malware category. "Instead of attacking smartphones, virus writers ... started to specialize in Trojan programs for J2ME, which are capable of running on almost any mobile phone."

The 150-odd threats of this type directly rob the user by sending SMS messages to premium-rate numbers. These threats are primitive at present, yet effective even so. Kaspersky anticipates "a continued increase in the number of malicious programs with Trojan-SMS behavior."

Spam Versus Antispam

On the spam front, spammers are devising new techniques to foil community-based antispam products like Cloudmark Desktop, iHateSpam, and SPAMfighter Standard. These products rely on the fact that identical spam messages are sent to thousands or millions of recipients. When enough community members flag a message as spam, the product filters it out for all other members.

To determine whether a given message is a known spam message, the product boils the message content down to a checksum and submits it to the antispam product's database. Spammers are now inserting randomized text so that every user receives a slightly different message. Among their techniques are invalid HTML tags, comment tags, and random UTF-8 character encodings. None of these are displayed, so all recipients see the same message. But to the community-based spam filter each message is unique.
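The filtering problem described above, as an added defender-side example that is not taken from the Kaspersky report or from any of the products named: a checksum over the raw message differs for every randomized copy, while a checksum over only the text the recipient sees stays the same. The normalization steps, the report threshold, and the sample messages are constructed assumptions, with zero-width characters and character references standing in for the encoding tricks.

```python
import hashlib
import html
import re
import unicodedata
from collections import Counter

COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)  # HTML comments, never rendered
TAG_RE = re.compile(r"<[^>]*>")                    # any tag, valid or invalid
WS_RE = re.compile(r"\s+")

def naive_checksum(message: str) -> str:
    """Checksum of the raw message bytes; any hidden change alters it."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()

def visible_text(message: str) -> str:
    """Reduce an HTML message to roughly what the recipient actually sees."""
    text = COMMENT_RE.sub("", message)          # drop comment padding
    text = TAG_RE.sub("", text)                 # drop markup, including bogus tags
    text = html.unescape(text)                  # &#97; -> a, &#33; -> !
    text = unicodedata.normalize("NFKC", text)  # fold compatibility forms
    # Remove invisible format characters (category Cf, e.g. zero-width space).
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    return WS_RE.sub(" ", text).strip().lower()

def normalized_checksum(message: str) -> str:
    """Checksum of the visible text only."""
    return hashlib.sha256(visible_text(message).encode("utf-8")).hexdigest()

def flagged(reports, fingerprint, threshold=3):
    """Fingerprints reported as spam at least `threshold` times (assumed policy)."""
    counts = Counter(fingerprint(m) for m in reports)
    return {fp for fp, n in counts.items() if n >= threshold}

# Constructed sample reports: three hidden variants of one spam, one unrelated mail.
SAMPLE_REPORTS = [
    "<p>Cheap <b>watches</b> today!</p>",
    "<p>Cheap <!-- x9f3k --><b>watches</b><qzv7> today!</p>",
    "<p>Che&#97;p <b>wat\u200bches</b> today&#33;</p>",
    "<p>Minutes of Tuesday's meeting attached.</p>",
]

if __name__ == "__main__":
    print("flagged, raw checksum:       ", len(flagged(SAMPLE_REPORTS, naive_checksum)))
    print("flagged, visible-text checksum:", len(flagged(SAMPLE_REPORTS, normalized_checksum)))
```
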

Of course there's a lot more in these reports. The malware trends report alone contains over 9,000 words and dozens of charts. If you're interested in further reading, Kaspersky has placed the full malware trends and spam trends reports online.