Kaspersky Lab analysts surveys the trends of 2006 and looks at what 2007 may bring.

Malware Evolution: 2006 provides an overview of the most important incidents in the malware world, highlights the main trends, and examines how the situation will evolve. Particular stress is laid on the continuing increase in the number of Trojan programs, particularly those designed to steal online gaming account data; the first viruses and worms for MacOS; and Trojans for J2ME, which are designed to steal funds from mobile user accounts.

The number of new malicious programs was up 41% on 2005. As for the future evolution of malicious programs, Kaspersky Lab virus analysts believe that virus writers and spammers will work ever more closely together; the number of Trojans will continue to increase; and that virus writers will be on the lookout for exploitable vulnerabilities in Vista.

Data provided by the Kaspersky Spam Lab shows that in 2006, between 70% and 80% of mail traffic on the Russian Internet was spam. The majority of spam sent to Russian users originates in Russia, the U.S.A. and China. Spammers actively used graphics in order to evade spam filters. They are also continued to send spam masquerading as personal correspondence in order to get the recipient to read the whole message and then act as the spammers intended, whether by calling a designated number or clicking on a link. The report on spam evolution also highlights how mass mailings differ from each other according to language: most Russian language spam offers education and training, and a wide range of goods ranging from busts of the Russian president to a device which will ‘translate’ a dog’s bark. English language spam, on the other hand, tends to focus on advertising for stocks and shares, Viagra and cheap software.

The report also notes that spam became increasingly criminalized in 2006, with spammers actively using SMS to spread spam. The company’s analysts believe that technologies currently in use will continue to evolve in 2007, together with further development of graphical spam, and increased criminalization of mass mailings.


Year End Results

The trends seen in malware evolution in previous years continued throughout 2006; as usual, Trojans were far more numerous than worms, and the number of new malicious programs designed to inflict financial damage increased.
In 2006 Trojans made up more than 90% of all new malware programs (both new families and new variants).

Breakdown of malicious programs by class at the end of 2006.
The number of Trojan programs has been steadily increasing over the last few years. This is because they are relatively easy to write and use in order to steal information, create botnets and carry out spam mass mailings.

The most interesting trends in 2006 included a steady increase in the number of Trojan spy programs. These are designed to steal information from users with accounts in online games. Another interesting trend was the continued evolution of Trojans designed to encrypt data. Such programs began to use professional cryptographic algorithms for encrypting data.

Programs classified as Trojan-PSW, most of which are meant to steal user account information from the players of online games, achieved the highest growth among all programs classified as TrojWare (+125%).

The number of worms and viruses (classified as VirWare) fell by 1.3%. This was a much smaller decrease than the -6.53% recorded in 2005 and was due to the class's already very low numbers. Programs classified as VirWare are not expected to continue to decline in future; rather, they are likely to reach a state of equilibrium.

In terms of the MalWare category, the most important factor in 2006 was an increased focus on MS Office by virus writers, and the consequent appearance of a large number of exploits for MS Office.

Another very significant event was the appearance of the first “real” viruses and worms for MacOS as well as Trojans for the J2ME mobile platform. These last were designed to steal money from mobile user accounts.
Overall, the number of new malicious programs rose 41% from 2005.

Virus writers are focusing more actively on using nonstandard infection vectors: instant messaging (IM) programs, such as ICQ, AOL and MSN. became some of the most dangerous Internet-based applications. Of course, this is directly connected with the large number of vulnerabilities in popular browsers, primarily Internet Explorer.

Overall, it was an interesting year from a technical point of view, and happily the year passed without a single global epidemic on the scale of those seen in 2005, such as Mytob. On the other hand, global epidemics were, to some extent, replaced by local epidemics which were designed to hit certain specific areas (China, Russia, etc.) or extremely short-lived burst of activity.

In 2006 seven major virus epidemics were recorded – half the number recorded in 2005. The 2006 epidemics can be divided into four groups: those caused by Nyxem.e, Bagle and Warezov variants, and several variants of Gpcode, the RansomWare Trojan.

Protect your PC against security threats with industry leading software from Kaspersky! Click Here