Number of threats reported on the rise

Trend Micro Inc, a pioneer in secure content and threat management released its first quarter threat landscape review.

 In the report, threat data from the last five quarters shows that, after an observed slump, the number of threats reported in the wild is on the rise again. The slump that followed the steady increase of the global outbreak era was a result of a shift in the threat landscape with targeted attacks replacing fast-spreading worms. The sudden increase in the number of threats witnessed this quarter does not, however, signal a return to the outbreak era.

Before the age of targeted attacks, increased prevalence of threats often meant that the few prominent malware families stepped up their attacks and found success through enhanced propagation methods or the deployment of new variants carrying exactly the same payloads. The increase this quarter can be attributed to an increase in the number of smaller, focused attacks that have become characteristic of today's threat environment. These attacks are working well for their instigators as they are leveraging variants and similar techniques to conduct additional attacks and moving their attacks to different regions as well.

The most prevalent threats this quarter indicate a spillover from the outbreak era, with some prominent malware families represented by a variant or two: NETSKY, BAGLE, MYDOOM, MOFEI, PARITE. Their significant presence in the wild exemplifies the lasting widespread effect of the propagation techniques and social engineering tactics that were set in motion during that era.

The Top 20 List

The first quarter saw more worms top the charts with WORM_NYXEM.E, a mass-mailing, network-propagating worm powered by an adult-themed social engineering scheme, continuing to lead the list. Worms of old, such as NETSKY and BAGLE, still prevail due to the amount of users who do not update their security software or lack it altogether.

Social Engineering Tactics Continue to Rise
The rise of social engineering is the result of two factors:

Changing threat objectives--from notoriety to monetary rewards
Changing approach--from targeting the global computing population to focusing on specific user segments or regions.

While social engineering in the outbreak era used the blind hit-and-miss method, today's carefully planned, sequential attacks tailor their schemes to the targeted segment and are deployed where and when recipients may actually be misled.

A popular social engineering technique used in the first quarter was the use of email messages carrying subject lines about current events, including world and local politics and regional incidents. This year's first prominent threat, TROJ_SMALL.EDW, was spammed via email messages that promised more information about a winter storm battering Europe, as the storm was at its peak.

Blended Threats Continue to Dominate
TROJ_SMALL.EDW's partner, WORM_NUWAR.CQ, is an indication of the enduring popularity of blended threats among cyber criminals. WORM_NUWAR.CQ is part of a malware family that is notorious for its use of war-related email messages. Second-generation NUWAR variants stepped up the family's social engineering scheme by querying the widely-read news site CNN.com for the "Most Popular" section, and then using the search results as email message content.

Web Threats Keep Coming
The first quarter witnessed more Web-borne threats, as expected. In addition to the previously mentioned SMALL trojan, TROJ_ZLOB was used in attack on the website of the Miami Dolphins Stadium a few days prior to the Super Bowl. Spyware families, such as TSPY_BANKER and TSPY_BANCOS, were prominent in South America, while spyware targeting online gamers continued its rise in Asia.

Fresh Phish for Sale
In terms of phishing techniques, the use of URLs that are active for short time periods doubled this quarter compared to last year. The growth of this technique is due, in part, to the advent of rock phish kits, which help hackers easily create phishing URLs and made their rounds on the Internet late last year.

Spam on the Rise in Asia
Commercial and financial spam were still the most prevalent. Japanese and Chinese are the top non-English spam languages, moving ahead of Russian and Spanish, last year's top non-English languages. The volume of Asian language spam continued to increase as a result of tightening legislation in the US and Europe against unsolicited email.

About Trend Micro Incorporated
Trend Micro Incorporated is a pioneer in secure content and threat management. Founded in 1988, Trend Micro provides individuals and organizations of all sizes with award-winning security software, hardware and services. With headquarters in Tokyo and operations in more than 30 countries, Trend Micro solutions are sold through corporate and value-added resellers and service providers worldwide. For additional information and evaluation copies of Trend Micro products and services, visit our Web site at www.trendmicro.com.