Viruses up 300 per cent: more threats coming from India and Brazil

29/7/09

29 July 2009 - The number of viruses sent over email has increased by 300 per cent in the last three months, according to managed security firm, Network Box. 

Analysis of Internet threats by Network Box in July 2009 shows the number of viruses is at its highest so far this year, peaking at around 12 viruses per customer per hour.

An increasing number of these viruses (5.2 per cent) are originating from India, which is the fourth largest source of Internet threats behind the US (16.59 per cent), Brazil (14.11 per cent) and Korea (6.2 per cent). This is notable as it is the first time that such a significant proportion of the world’s Internet threats have originated from India.

It is unsurprising that India is making inroads as a major threat source, according to Simon Heron, Internet Security Analyst for Network Box: “India is a major economic force, with an increasing IT infrastructure and IT industry. A growing middle class with disposable income means an increasing take-up in computers and bandwidth. However, the economy remains difficult to regulate. This results in significant numbers of illegal copies of operating systems, which don’t get patched or updated. They then become infected and so in turn become sources of malware.”

Although the percentage of threats coming from the US is still high at 16.59 per cent, it has reduced from 21 per cent in June.  The US has also reduced its proportion of spam slightly from 11.2 per cent to 10.2 per cent. Brazil has overtaken the US as the single biggest source of the world’s spam, now producing more than 12.6 per cent.

Heron says this is in part a result of the sheer volume of spam and malware coming from other parts of the world: “The major reason for a decreasing proportion of attacks from the US is the increase from other areas, particularly Brazil, China, Korea and India.

“However, over the past year we’ve also seen the US close down three significant data centres acting for botnets. The most notable one was McColo, but the demise of EstDomains and Atrivo has also contributed to a slow down in the number of threats coming from the US. The global picture, though, shows spam levels back to the same levels, or higher, than before these hosting companies were closed down.”

Phishing attacks have also significantly increased from last month, now making up more than 36 (36.52) per cent of all viruses, against around five per cent last month.

Top Ten Viruses

Threat Name Daily Average %
spam.phish.url 35.94083
trojan-spy.html.fraud.gen 20.64723
nbh-bbadhdr 16.01426
nbh-bscript 5.62048
spam.porn.porn_nb_pornscore_low 4.33847
spam.porn.porn_nb_pornhint_34 1.10376
spam.porn.spam_nb_porn_subj_csk_1 0.96276
clm.html.phishing.bank-1235 0.92454
nbh-bhidifm 0.87228
nbh-biframe 0.72953

Top Ten Trojans

Threat Name Daily Average %
trojan-spy.html.fraud.gen 0.37986
trojan-downloader.win32.injecter.ga 0.00063
trojan-spy.win32.zbot.xud 0.00038
trojan-spy.win32.zbot.xen 0.00030
trojan-downloader.win32.pif.pt 0.00004
trojan.pif.starter.f 0.00004
trojan.win32.buzus.bmer 0.00004
trojan.win32.vb.rwd 0.00003
trojan-dropper.msword.1table.gw 0.00003
trojan-downloader.win32.pif.px 0.00003

Top Ten Intrusions

Threat Name Daily Average %
NETBIOS 37.37194
BOGON 8.58712
HTTP-S-WEBDAV 1.03669
PINGFLOOD 0.47237
ICMP 0.08360
SOBIG-F 0.02487
HTTP-S-WEBDEX 0.01234
HTTP-S-UNIXATTACK 0.00978
HTTP-S-NIMDA 0.00385
FTP-S-LOGONOV 0.00106

Top Ten Sources of Viruses

Country Daily Average %
US 16.59506
Brazil 14.11842
Korea 5.46079
India 5.26836
Russia 3.85454
Turkey 2.94259
Canada 2.90548
Argentina 2.41993
China 2.36193
UK 2.25123

Top Ten Sources of Spam

Country Daily Average %
Brazil 12.62169
US 10.23170
Korea 6.23928
China 5.93384
India 5.17773
Vietnam 4.00079
Russia 3.77188
Turkey 3.58568
Poland 3.35632
Italy 2.39342

Top Ten Sources of Intrusions

Country Daily Average %
Korea 21.46252
US 10.29074
Hong Kong 8.77671
Malaysia 7.04941
Brazil 6.50459
China 6.24986
Vietnam 3.43225
India 3.11539
Russia 1.78445
UK 1.53071

Back