Today
we're announcing results of a study that analyzed 67 million computers in 2008
and revealed that 1.1 percent of the worldwide population of Internet users
have been actively exposed to identity theft malware. We predict that the
infection rate will increase by an additional 336 percent per month throughout
2009, based on the trend of the previous 14 months.

Here
are the highlights from our study on the evolution of online identity theft:

Over
three million of the audited users in the U.S. and more than 10 million users
worldwide were infected with active identity theft-based malware last year

1.07%
of all PCs scanned in 2008 were infected with active malware (resident in
memory during the scan) related to identity theft, such as banker Trojans

35%
of the infected PCs had up-to-date antivirus software installed

The
number of PCs infected with identify theft malware increased by 800 percent
from the first half of 2008 to the second half

Arizona, California and Florida
continue to be the states with the highest per-capita incidence of reported
identity theft

Active
malware means malware that is loaded into the PC's memory and actively running
as a process. For example, users of PCs infected with this type of identity
theft malware who utilize online services such as shopping, banking, and social
networking, have had their identities stolen in some fashion. According to the
Federal Trade Commission (FTC), the average time victims spend resolving identity
theft issues is 30
hours per incident
. The cumulative cost in hours alone from identity theft
related malware based on Panda Security's projected infection rate could reach
90 million hours. 

The
study revealed that an alarming 35 percent of the PCs infected with this type
of malware were using up-to-date antivirus software. Antivirus labs are
receiving a massive amount of new malware samples each day (22,000 new samples
per day according to PandaLabs), and antivirus vendors are continually updating
their services to keep up with the overwhelming volume of new malware surfacing
each day. AV detection labs such as PandaLabs have made advances in automated
detection and classification capabilities. These new detection methods as well
as improved surveillance and cloud-based detection techniques have reduced the
risk of individual identity theft incidents and its associated costs. Some
global banks, notably in Brazil,
have made changes to banking authentications using electronic tokens and
virtual keyboards, but these approaches have been slow to be adopted in the U.S.