Norman Releases Report on Malware Trends for First Half 2010

FAIRFAX, Va., July 7 /PRNewswire/ -- Norman, a leading global security innovator serving single consumer desktops to complex corporate and government networks, today issued a report detailing top security Internet threat trends for 2010.

"Cyber criminals are putting increasing emphasis on using social media platforms like Facebook and Twitter as effective 'spread mechanisms' for malicious software," said Arvid Gomez, Norman vice president, OEM and Technology. "In the past, they put nearly all of their efforts into compromising PC operating systems. As social media use becomes part of the fabric of our daily life, Internet users need to make certain they are taking the necessary steps to protect their privacy and security."

W32/Koobface and Facebook

One example of social media malicious software, or malware, gaining momentum in the first half of 2010 is W32/Koobface. Malware in the W32/Koobface family first appeared in 2008, became widespread during 2009, and continues to be a major threat to Facebook users in 2010.

A computer infected by Koobface automatically sends messages with malicious links to the computer owner's contacts on various social networking sites. The worm will search through cookies on the computer looking for login credentials for various social networking sites. Using the information gathered from the cookies, the worm connects to these sites and starts sending messages to friends and contacts.

Fake Antivirus Programs

Norman security experts note that fake antivirus programs continued to plague many home PC and business users.  Rogue antimalware programs have been around for a long time. In recent years however, they have become increasingly widespread, and represent a major problem. These programs can be difficult to erradicate, as they often consist of many different malicious elements.

The most-used spreading mechanism for rogue antimalware programs is "drive-by infections" delivered from visiting web sites. A popular technique is to manipulate search engines to display results from web sites that are infected by fake antimalware. The rogue programs often focus on "hot" search words, which might include major events, like the World Cup, and other topics such as celebrities and entertainment that people usually search heavily. Also new, non-planned events are ideal for search engine manipulation.

TDSS, A Malware Summer Cocktail

In the "good old days" of malicious programs, security organizations and users faced a less complex malware threat. The most-used technique for a malware author was to create one malicious program, using different techniques for propagation.

Now, Norman experts see malware cocktails as the general trend. These cocktails are composed of a whole range of different types of malicious programs, as well as the same types with various malicious functionalities.

Such malware cocktails are often delivered with a rootkit, which makes detection significantly more challenging. A rootkit is typically malicious software which is designed to gain administrator-level control over a computer system without being detected.

One malware cocktail that was a big problem in the first half of 2010 was the TDSS program. TDSS is malicious software designed to hide the existence of any process on the infected machine in order to perform harmful and dangerous actions. TDSS may also replace essential system executable files, which may then be used to hide processes and files installed by the attackers.

Thus, the challenge for "the good guys" is fundamentally changed as it no longer suffices to detect and remove one specific malicious program. Other parts of the malware cocktail may still be active on the infected computer/network and re-infect and/or download new components. This severely complicates the task of cleaning infected systems.

Don't Forget Conficker

Of course, tried-and-true malware like Conficker is still kicking around and should not be taken lightly. The Conficker worm first appeared near the end of 2008, and the Conficker family of worms reached its peak in 2009. However, it was still a major problem for many users during the first half of 2010.

W32/Conficker exists in several variants and is a network propagating worm that has the ability to update itself by downloads from the Internet. These downloads are from a subset of servers chosen by the worm from a large set of potential download servers.

Norman's Proactive Security Solutions

Norman offers a full portfolio of proactive security solutions to the U.S. market, from solving consumer and business desktop security challenges to helping protect large service providers and government agencies from malicious cyber attacks.  Norman recently released Security Suite PRO, which offers the industry's most advanced protection at the desktop level against all types of Internet malware threats such as viruses, worms, trojans, spyware and hackers.

Norman Security Suite PRO includes advanced technologies such as Norman SandBox®, Norman Exploit Detection and Norman DNA Matching for proactive security. Norman's solutions also include Endpoint Protection for corporate networks, the Norman Network Protection appliance for layered security of network traffic, and the award-winning Norman SandBox technology, automated malware analysis for security professionals.

The complete Norman analysis report for 2010 is available at http://www.norman.com/security_center/security_center_archive/2010/84466/en

About Norman

Norman ASA, founded in Oslo, Norway in 1984, is a world leader and pioneer in proactive content security solutions and forensics malware tools. Norman offers malware analyzers, network security and endpoint protection solutions to meet customer's security needs. Norman solutions are available through Norman subsidiaries and a network of partners around the world. www.norman.com

SOURCE Norman ASA