We gathered malware data from January to November 2008 to give us an idea of just how dangerous surfing the Internet is. We analyzed the arrival methods of the 100 malware that infected the most systems during that period and came up with the following statistics:
Figure 1. Infection Vectors of Top 100 Malware
Coverage: Malware Analyzed by Trend Micro Researchers
Date Range: January 1, 2008 to November 25, 2008
These statistics lead to some interesting insights:
- Globally, the largest source of infections for these top 100 malware is the Internet, specifically surfing unknown or malicious sites or accepting links offered in unsolicited email.
- The second highest source of infections is the presence of other malware on already infected systems. Since threats today are multicomponent, malware routines frequently include retrieving files from remote locations and downloading them onto the PCs for added functionality or stealth.
- The third highest source of infections is the opening of email attachments that come from unknown or malicious sources.
- The percentages do not add up to 100% because most malware we have analyzed arrive on systems using more than one infection vector. This reflects the inherent flexibility of using the Internet: a Trojan hosted on a malicious website can reach a target system through (1) a spammed email containing a link to the Trojan, (2) direct download by accidentally surfing malicious sites (in search of, say, application cracks), (3) drive-by downloads (as in visiting a hacked legitimate site which has scripts that download and execute the Trojan automatically on visitors’ PCs), or (4) as a file downloaded by other Trojans already on the system.
Regional data reflects the same general trend:
Although overall still the land of adware, North America’s threat profile includes data-stealing malware that arrive via the Web.
Figure 2. Infection Vectors of Top Malware in North America
Malware borne by removable drives (portable / external hard drives, thumb drives, flash disks, memory cards, etc.) are at 15% in Asia and Australia. Most Asian countries have autorun malware as their top infectors, the highest concentration compared to other regions. However, the prevalence of file infectors and online gaming spyware in China has diluted this profile.
Figure 3. Infection Vectors of Top Malware in Asia and Australia
The top malware infecting PCs in Europe, Middle East and Africa (EMEA) also included several autorun malware, although in terms of number of PCs infected by any one malware, notorious Trojan downloaders are prominent in this region. EMEA also registered several infections via malicious iframes.
Figure 4. Infection Vectors of Top Malware in Europe, Middle East and Africa
Latin America’s top threats are varied in profile, but the persistence of multicomponent attacks is distinctly apparent. Several malware found in PCs have in fact been dropped by other malware already present in the PC.
Figure 5. Infection Vectors of Top Malware in Latin America
Note, however, that this is not representative of the profiles of all malware samples; admittedly, nobody can lay such a claim on any existing data set. What we are saying is that a majority of the top 100 malware that were most prevalent during this year arrived by surfing malicious or unknown sites. This is a sad confirmation that despite all awareness campaigns for safe computing, users still tend to victimize themselves out of curiosity.