If malware were biological, the world would be in the grip of the worst pandemic in history. In 2009, more than 25 million different unique malware programs were identified, more than all the malware programs ever created in all previous years (see the annual report from Panda Labs). That's a pretty incredible statistic. Malicious programs now outnumber legitimate ones by many orders of magnitude.
The world's largest cloud computing user? Not Microsoft, not Google, not Amazon.com. The ringleaders of the Conficker botnet, with more than 4.6 million infected computers under their control, win by a mile. Some antimalware vendors report that 48 percent of the computers they scan are infected (see page 10 of the APWG Phishing Activity Trends Report) with some sort of malware. Trojan horse programs make up 66 percent of all threats (see page 4 of the annual report from Panda Labs).
[ Get the full scoop on successfully defending against modern malware in the InfoWorld "Malware Deep Dive" PDF special report. | Better manage your company's information security with our Security Central newsletter. ]
No one need wonder what malware is trying to do: It's trying to steal money, whether it's through data theft, bank transfers, stolen passwords, or swiped identities. Each day, tens of millions of dollars are stolen from innocent Internet victims. And yet many computer defenders can't tell you what the biggest threat is to their environment. If you don't know the biggest threats, how can you defend against them properly?
Today's malware differs dramatically from the threats we faced just 10 years ago, when most malicious programs were written by young men looking to earn cyber bragging rights. Most malware made the user aware of its existence through a displayed message, music (as in the Yankee Doodle Dandy virus family), or some other sort of harmless mischief. Those were the days.
Thoroughly modern malware
Today's malware is written by professional criminals. In most cases, users are unwittingly tricked into executing a malicious program in the form of a Trojan horse. Users think they are installing needed software, often "recommended" by a site they trust. In fact those sites are recommending nothing of the kind. Malware producers routinely break into legitimate websites using found vulnerabilities and modify existing Web pages to include malicious JavaScript redirects. Or the malicious code is hidden inside a banner ad on a website, supplied by legitimate ad services.
Either way, when the user surfs to the legitimate website, the malicious JavaScript is loaded, and it either prompts the user to install a program or redirects the unknowing user to another website where they are told to install a program.
Trojans lead the pack
Trojans typically camouflage themselves as downloadable antivirus scanners, "needed" patches, malformed PDF files, or add-on video codecs required to display an exciting video. Most of the fake programs have the clean look and feel of a real app. Even career antimalware defenders find it hard to tell the difference between what is real and what is fake.