News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Security News Russia

Subscribe & Follow

Advertise your job vacancies
    Search jobs

    Kaspersky Lab reports on malware in July 2011

    MOSCOW, RUSSIA: Cybercriminals switch to payments in frequent flyer miles and release new 'spy' for android... The experts at Kaspersky Lab present their monthly report about malicious activity on users' computers and on the Internet.
    Kaspersky Lab reports on malware in July 2011

    July in figures

    The following statistics were compiled in July using data from computers running Kaspersky Lab products:

    • 182 045 667 network attacks blocked;
    • 75 604 730 attempted web-borne infections prevented;
    • 221 278 929 malicious programs detected and neutralised on users' computers;
    • 94 004 507 heuristic verdicts registered.

    This is how the situation looks when compared to June:

    Number of threats detected in various categories. Source: KSN data
    Number of threats detected in various categories. Source: KSN data
    click to enlarge

    Trojan's mobile versions

    As protection of online banking security continues to develop, cybercriminals are increasingly supplementing spy Trojans operating on users' computers with mobile modules so they have a better chance of stealing money from the victims' bank accounts.

    A new version of the mobile spy Trojan ZitMo was detected in July capable of stealing mTAN codes, one-time passwords used when performing a remote transaction and sent to the bank customer via SMS. The mobile version of the notorious ZeuS Trojan has already been detected running on Symbian, Windows Mobile and BlackBerry platforms and now it has added Android devices to its list.

    If a user's computer is infected with ZeuS, and the mobile phone is infected with ZitMo, the cybercriminals gain access to the victim's bank account and can intercept the one-time transaction password sent by the bank to the user. In this case, even authentication using mTAN codes cannot prevent the victim's money from being stolen from their bank account.

    Forbidden domain

    It's not only antivirus vendors who give cybercriminals a hard time. Last month Google excluded more than 11 million URLs with *.co.cc addresses from its search results. The 'blocked' domain zone is among the largest globally, ranking fourth after .com, .de and .net in terms of registered domain names. In most cases the domain's URLs are used by cybercriminals to spread rogue antivirus programs or conduct drive-by attacks. However, it is difficult to say how successful Google's campaign has been - there are indeed fewer cybercriminals using the .co.cc domains, but they have merely started using the services of other domain zone registrars.

    Flying phish

    Once again our prediction that 2011 would be the year that cybercriminals target absolutely any kind of data has proved only too true. In July, the experts at Kaspersky Lab uncovered an interesting development - Brazilian phishers have started stealing the 'miles' accrued by frequent flyers. Not only are they using them to buy tickets but also as a form of currency. In one IRC message, a cybercriminal was selling access to a Brazilian botnet that sends spam in exchange for 60 000 miles, while in another message air miles were offered for stolen credit cards.

    Malware rating

    Drive-by-download attacks remain one of the most popular methods of infecting users' computers with malicious programs. Every month new entries that facilitate such attacks - redirectors, script downloaders and exploits - appear in the Top 20 malicious programs on the Internet. There were a total of 11 in July.

    More detailed information about the IT threats detected by Kaspersky Lab on the Internet and on users' computers in July 2011 is available at: www.securelist.com/en.

    Let's do Biz