Kaspersky Lab: Turbulent quarter as hacktivism increases
August 2011 by Kaspersky Lab
After analysing vast numbers of IT threats during the second quarter of 2011, Kaspersky Lab announces the key trends in its latest quarterly malware report.
Navigating the web remains the riskiest activity on the Internet, with malicious URLs that serve exploit kits, bots, ransomware Trojans, etc. being the most frequently detected objects online (65.44 per cent).
87 per cent of the websites used to spread malicious programs were concentrated in just 10 countries. The first two locations were the US and Russia. The Netherlands led the way in reducing the number of malicious hosting sites: compared to the previous quarter, its share has fallen by 4.3 per cent to 7.57 per cent. This is down primarily to the efforts of the Dutch police and includes the neutralising of botnets such as Bredolab and Rustock.
Kaspersky Lab experts have divided countries into groups according to their local infection levels:
High-risk countries (41-60 per cent of unique users subject to web attacks)
This group includes: Oman, Russia, Iraq, Azerbaijan, Armenia, Sudan, Saudi Arabia and Belarus. Newcomers to this group in Q2 were Sudan and Saudi Arabia, while Kazakhstan dropped down a level.
Average risk group (21-41 per cent)
This group is made up of 94 countries, including: the US, China, the UK, Brazil, Peru, Spain, Italy, France, Sweden and the Netherlands. It is particularly noteworthy that the US, at 40.2 per cent, is very close to joining the high-risk group of countries due to the increase in the number of FakeAV detections.
Safe-surfing countries (11.4-21 per cent)
This group comprises 28 countries, including Switzerland, Poland, Singapore and Germany. In the second quarter of 2011, five countries left this group, including Finland, which entered a higher risk group with 22.1 per cent.
India was among the top 10 countries in which users’ computers ran the highest risk of local infection. Every second computer in the country was at risk of local infection at least once in the past three months.
“Over the last few years, India has been growing steadily more attractive to cybercriminals as the number of computers in the country increases steadily. Other factors that attract the cybercriminals include a low overall level of computer literacy and the prevalence of pirated software that is never updated,” explains Yury Namestnikov, Senior Virus Analyst at Kaspersky Lab. “Botnet controllers see India as a place with millions of unprotected and un-patched computers which can remain active on zombie networks for extended periods of time.”
The five safest countries in terms of the level of local infections are: Japan, Germany, Denmark, Luxembourg and Switzerland.
For the very first time in its history, the top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found in Adobe Flash Player alone. Microsoft products have disappeared from this ranking due to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs.
The second quarter of 2011 was eventful in terms of the hacking of major companies, including Sony, Honda, Fox News, Epsilon and Citibank. The evidence surrounding the hacking of Sony’s services indicates that the hackers’ main objective was not monetary gain; rather, the attack was part of a wave of “hacktivism” that is continuing to gain momentum. In the first quarter of this year a new group called LulzSec emerged, which, over the course of 50 days, succeeded in hacking a number of systems and publishing the personal information of tens of thousands of users.
During the second quarter of 2011, the number of fake antivirus programs detected globally by Kaspersky Lab began to increase: the number of users whose computers blocked attempts to install counterfeit software increased 300 per cent in just three months.
According to Kaspersky Lab’s experts, the number of mobile threats targeting different mobile platforms continues to increase exponentially: detected threats running on J2ME doubled during Q2 2011, while the number of detections of malicious programs targeting Android nearly tripled. Once again, malicious programs were detected in the official Android store, Android Market.