infographic: 5 most dangerous malware trends of 2013
DESCRIPTION
The five most dangerous malware trends of 2013: http://securityintelligence.com/5-dangerous-trends-malware-2013/
TRANSCRIPT
MOST DANGEROUS MALWARE TRENDS OF 2013

1. Big increase in new and modified financial malware families
In 2012, the number of completely new financial malware families almost doubled from 3 in 2011 to 5 in 2012. It’s important to note that many different configurations (variants) can exist within one malware family. We expect this trend to continue with even more new malware families introduced next year.
[Chart: Malware families, 2011 / 2012 / 2013]
Why it's dangerous:
More financial malware families mean more infections, longer detection times, and consequently more financial fraud incidents.

2. Malware lifecycle is accelerating
In 2012, the four phases of the malware lifecycle (incubation, outbreak, botnet and retirement) among the variants we investigated accelerated significantly compared to 2011. Because security products continue to improve detection, the window of opportunity for malware to remain undetected is decreasing. The incubation and outbreak phases decreased from one month or more in 2011 to approximately two weeks in 2012. We expect this time frame to shrink even further next year.
[Chart: Lifecycle (incubation, outbreak, botnet, retirement), 2011 / 2012 / 2013]
Why it's dangerous:
The faster the malware lifecycle, the more difficult it is for security products to detect, block and remove malicious software. In an accelerated lifecycle environment, the fraud is already committed before traditional anti-virus/anti-malware products discover the malware.

3. Detection-aware malware targeting enterprises
In 2012, financial and non-financial malware variants that could detect virtualization, debugging, sandboxing, and monitoring processes on the host machine became more prevalent. For example, a recent Shylock variant will not install when it detects a Remote Desktop session, most likely to avoid detection in a “lab” environment.
Why it's dangerous:
These capabilities present a serious threat to virtual machine-based detection and protection products, since the malware would appear to be harmless to these security tools.

4. The emergence of native 64-bit Windows malware
In 2012, we began seeing financial malware developing native 64-bit Windows capabilities.
[Graphic: 64-bit vs 32-bit]
32-bit malware is handicapped when it runs on 64-bit machines. That’s because the 32-bit malware cannot see or penetrate the “native” 64-bit system processes it uses to evade detection.
Why it's dangerous:
As malware variants start supporting 64-bit processes, they will once again be difficult to detect on 64-bit machines.

5. Google Chrome is no longer immune to MitB malware
In 2012 Citadel and Zeus 2.1 (aka P2P Zeus, Gameover Zeus) began targeting Google Chrome with Man-in-the-Browser (MitB) attacks.
Why it's dangerous:
The emergence of malware targeting the Google Chrome browser.