More than half of all new malware attacks can be put down to Trojans, new intelligence on the internet threat landscape has revealed.
According to research carried out by IBM’s X-Force internet security group, Trojans comprised 55% of all new malware in the first half of 2009, a level which represents a 9% increase against the year-ago period.
“Information-stealing Trojans are the most prevalent malware category,” IBM confirmed in its X-Force 2009 Mid-Year Trend and Risk Report.
The report also reveals what it describes as “an unprecedented state of Web insecurity as Web client, server, and content threats converge to create an untenable risk landscape.”
IBM’s researchers have clocked a 508% increase in the number of new malicious Web links and a level of veiled Web exploits, especially in PDF files, which is now running at an all time high.
The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. PDF vulnerabilities disclosed in the first half of 2009 apparently surpassed disclosures from all of 2008.
“No one is to be trusted,” said X-Force Director Kris Lamb. “There is no such thing as safe browsing. We’ve reached a tipping point where every web site should be viewed as suspicious and every user is at risk.”
Interestingly, IBM’s mid-year security assessment shows that phishing has decreased dramatically, but could be shifting subtly in focus.
The nature of businesses being attacked with phishing has shifted with more companies that handle online payments being targeted and fewer banks. In the first half of 2009, 66% of phishing was targeted at the financial industry, down from 90% in 2008. Online payment targets make up 31% of the share.
Seemingly phishing accounted for just 0.1% of all spam in the first six months of this year. In the same period in 2008, phishing made up to 0.8% of all spam.