APWG Cybercrime Report: Data-Stealing Malware Growth Spikes in H1 2011

CAMBRIDGE, Mass.--(BUSINESS WIRE)--

The APWG reports in its H1 2011 Phishing Activity Trends Report this month that the propagation of some forms of crimeware surged in the half-year period ending in June, 2011 with data-stealing malware reaching and maintaining a new plateau of contagion.

In the first six months of 2011, data-stealing malware and generic Trojans increased from 36 percent of malware detected in January, 2011 to more than 45 percent in April, subsequently maintaining a proportion of well over 40 percent for the rest of the half. The former high for this metric was 44 percent, in a one-month spike, in August of 2010.

This metric is a key indicator of cybercrime trends, as data-stealing malware is typically designed to send information from infected machines, to control them, and/or to open backdoors on them.

Patrik Runald, Senior Manager, Security Research for Websense and a Trends Report contributing analyst said, "The first half of 2011 saw an increase in not only the amount of malicious samples received but more importantly, malware files going after confidential information such as credit card data, social security numbers and credentials to financial websites.

“With cybercrime being an industry generating hundreds of millions of dollars for the bad guys it's clear that this is a trend we will see for a long time,” Runald said.

Similarly, according to Luis Corrons, PandaLabs Technical Director and APWG Trends Report contributing analyst, Trojans accounted for 72 percent of the new samples created in H1, 2011, a substantial increase from H2, 2010 when Trojans only accounted for 55 percent of the total sample set recorded.

While conventional, spam-based phishing attacks are not attaining the relentless month-over-month global growth of years' past, there are indications that new and major phishing hot spots within emerging-market nations are appearing.

Ihab Shraim, Chief Security Officer and Vice President, Network and Systems Engineering and Trends Report contributing analyst said, “In the first half of 2011, MarkMonitor saw a significant rise of phishing attacks when compared with 2010. Furthermore, phishing attacks are increasingly targeting brands worldwide and, notably, in emerging markets such as Latin America, Middle East and Asia.”

The full text of the report is available here: http://apwg.org/reports/apwg_trends_report_h1_2011.pdf

Other highlights of the report include:

● The half's high for unique phishing reports submitted to APWG of 26,402 in March was down 35 percent from the all-time high of 40,621 in August, 2009

● Unique phishing websites detected during the half reached a high in March with 38,173, down more than 32 percent from the record of 56,362 in August 2009

● The number of phished brands reached a high in the half of 339 in January, down 5 percent from the all-time high of 356 reached in October, 2009

● After cracking into the top 10 last November, Egypt has ranked in the top three hosting countries for four out of the first six months of 2011

● The top 10 most prevalent families of fake anti-virus software are responsible for more than 69 percent of the infections caused by rogueware

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's Web www.apwg.org and education.apwg.org websites offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and sponsor of the eCrime Researchers Summit, the world's only peer-reviewed research conference dedicated specifically to electronic crime studies www.ecrimeresearch.org.

Among APWG's corporate sponsors are as follows: Afilias Ltd., AhnLab, AT&T(T), Avast!, AVG Technologies, BBN Technologies, BillMeLater, Bkav, Booz Allen Hamilton, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies , Comcast, CSIRTBANELCO, Cyber Defender, Cyveillance, Easy Solutions, eBay/PayPal (EBAY), eCert, EC Cert, ESET, EST Soft, Facebook, Fortinet, FraudWatch International, F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri, HitachiJoHo, Huawei Symantec, Iconix, IID, IronPort, ING Bank, Intuit, IT Matrix, Kindsight, LaCaixa, Lenos Software, MailShell, MarkMonitor, M86Security, McAfee (MFE), Melbourne IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MyPW, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, Panda Software, Phishlabs, Phishme.com, Phorm, Planty.net, Prevx, Proofpoint, Return Path , RSA Security (EMC), RuleSpace, SAIC (From Science to Solutions), SalesForce, SecureBrain, S21sec, SIDN, SoftForum, SoftLayer, SoftSecurity, SunTrust, SurfControl, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank, Trend Micro (TMIC), Vasco (VDSI), VeriSign (VRSN), Websense Inc. (WBSN), Wombat, Yahoo! (YHOO), zvelo and ZYNGA.