RealTime IT News

Trojans on The March

Stats from at least three different security vendors make the trend clear, and perhaps even bode well for their businesses: Malware is growing.

Although virus rates themselves may be falling, Trojans are picking up the slack at an alarming rate, the vendors said.

Another common trend: The growth of malware is almost exclusively targeted at Windows operating system-based PCs, prompting one security vendor to advise users to switch to Apple Macs.

They all found similar staggering stats on the amount of malware out there.

Security vendor McAfee said it now supports 200,000 threats with security updates, a jump of 100 percent within two years. In the first six months of 2006 alone, McAfee added 32,000 new threats that it helps customers thwart.

Sophos reported that it is now protecting against 180,292 malware threats in June of 2006, up by 28 percent since June of 2005. Panda Software Labs reported that over the last six months it detected 19,367 new viruses.

The sheer volume of malware may well just be a ruse.

"Malware creators are making us work hard, but with no sense. It's many codes without a real danger," Panda Software Labs spokesperson Carolina Sanabria told internetnews.com. Why? The malware writers are trying to keep the vendors busy while they target malware attacks, such as specific threats sent to specific users for theft purposes, she added. "That's the new malware dynamic, absolutely confirmed in this half of 2006."

MessageLabs' mid-year report said Trojan attacks jumped six-fold in the first six months of 2006. Sophos is reporting that new Trojans outnumber worms and viruses by a 4-to-1 margin, compared to a 2-to-1 ratio in 2005.

"Figures may vary from one company and other, of course, but undoubtedly the Trojan hordes, due to their capability to steal passwords, give the creators the chance of stealing money," Panda Software Labs' Sanabria said. "They prefer money more than fame nowadays. That's the reason for more trojans than other types."

The stats arrive at a time when the "classical" viruses (file virus, macro virus, etc.) are considered almost dead by firms such as Panda. "The prevalence of those codes is near zero," Sanabria continued.

She also noted that the malware outbreak is targeted almost exclusively at Microsoft Windows PC users. Sophos is advising home users to consider moving to an Apple Mac.

Ron O'Brien, senior security analyst at Sophos, explained to internetnews.com that the Mac statement was made in the context of whether the end user is committed to the effort or time to manage and maintain a safe and protected Windows environment. If not, he said, then perhaps Mac would be a more viable alternative. That same statement could apply to a decision to run Linux.

Though Microsoft's Windows Vista may be an improvement, it won't necessarily stop attacks either, according to O'Brien.

"The introduction of new security measures, including some planned for Vista, may slow down the rate at which machines are impacted by malware," O'Brien said. But it's unlikely the trend will go away. "Vista will be a hurdle but not an obstacle."

Microsoft, for its part, said it believes Windows customers are becoming increasingly more secure, thanks in part to Microsoft's Malicious Software Removal Tool (MSRT).

Microsoft claims in a recent report that since it released MSRT, more than 270 million unique computers have run the tool, for about 2.7 billion executions. Out of that, MSRT has removed 16 million malware instances in the last 15 months.

"It's important to remember that no software is 100 percent secure," a Microsoft spokesperson told internetnews.com. "While we recognize that our methodology for gathering data on malware is different from Sophos, we believe our report represents a very accurate view of the malicious software that exists on the Windows platform."

Also, the spokesperson said if you look at the data in Microsoft's analysis, you can see that a large percentage (over one-third) of malicious software that exists is due to social engineering, which means the person was tricked into installing the malicious software package and that no software vulnerability was present.

"While technologies such as User Account Control in Vista can help mitigate the effects of social engineering threats, no mainstream operating system can claim to be impervious to social engineering threats," the spokesperson added.