– PandaLabs Study Reveals Alarming Global Infection Rates of Identity Theft Malware 

– PCs infected with Identity Theft Malware Increased by 800 Percent from Q2 to Q4 in 2008

 

Panda Security, a world leader in IT security, today announced the findings from a comprehensive identity theft study conducted by PandaLabs, the company’s malware analysis and detection laboratory.

Based on the analysis of 67 million computers during 2008, PandaLabs revealed that 1.1 percent of the worldwide population of Internet users have been actively exposed to identity theft malware. Extrapolating the results from Panda Security’s online malware scanning service, ActiveScan, PandaLabs found that more 10 million users worldwide were infected with active identity theft-based malware last year .

According to one recent study published by an independent research firm, the mean cost per ID theft incident in the U.S. is $496.00, putting the total estimated risk of ID theft from malware in this country alone at approximately $1.5 billion . Following are highlights on PandaLabs’ key findings on the evolution of online identity theft:

• 1.07 percent of all PCs scanned in 2008 were infected with active malware (resident in memory during the scan) related to identity theft, such as banker Trojans

• 35 percent of the infected PCs had up-to-date antivirus software installed

• The number of PCs infected with identify theft malware increased by 800 percent from the first half of 2008 to the second half

• PandaLabs predicts that the infection rate will increase by an additional 336 percent per month throughout 2009, based on the trend of the previous 14 months Active malware means malware that is loaded into the PC’s memory and actively running as a process. For example, users of PCs infected with this type of identity theft malware who utilize online services such as shopping, banking, and social networking, have had their identities stolen in some fashion.

According to the Federal Trade Commission (FTC), the average time victims spend resolving identity theft issues is 30 hours per incident. The cumulative cost in hours alone from identity theft related malware based on Panda Security’s projected infection rate could reach 90 million hours. The study revealed that an alarming 35 percent of the PCs infected with this type of malware were using up-to-date antivirus software.

Antivirus labs are receiving a massive amount of new malware samples each day (30,000 new samples per day according to PandaLabs), and antivirus vendors are continually updating their services to keep up with the overwhelming volume of new malware surfacing each day. AV detection labs such as PandaLabs have made advances in automated detection and classification capabilities. These new detection methods as well as improved surveillance and cloud-based detection techniques have reduced the risk of individual identity theft incidents and its associated costs. Some global banks, notably in Brazil, have made changes to banking authentications using electronic tokens and virtual keyboards, but these approaches have been slow to be adopted in the U.S.

“We expect to see a 336 percent monthly growth rate of this malicious identity theft malware in 2009, fueled by the huge business behind this particular type of cybercrime,” said Luis Corrons, Technical Director of PandaLabs. “We must become aware of the dangers of malware identity theft and protect ourselves from the serious potential losses, both in time and money.”

To see the growth and correlation between identity theft and banker Trojan PC infections from January 2008 to February 2009, including PandaLabs’ predictions on growth rates through the rest of the year, please access the following link: http://www.flickr.com/photos/panda_security/3340793945/

Banker Trojans are malware specifically created to steal user account information from banks and their customers. Trojans have increased in sophistication and are now able to easily update and expand the list of banks they can attack via the Internet.

According to PandaLabs, the top families of banker Trojans that are the most prevalent in infiltrating users’ systems are:

Trj/Cimuz

Trj/Sinowal

Trj/Bankolimb

Trj/Torpig

Trj/Goldun

Trj/Dumador

Trj/Spyforms

Trj/Bandiv

Trj/SilentBanker

Trj/PowerGrabber

Trj/Bankpatch

Trj/Briz

Trj/Snatch

Trj/Nuklus

Trj/Banker

The most common origins of these banker Trojans are China and Russia, with Korea and Brazil also emerging as countries of origin for these threats. To see a chart outlining the origins of banker Trojans, please access the following link: http://www.flickr.com/photos/panda_security/3341624488/

Other general, non-banker Trojan, forms of identity theft malware steal usernames and passwords to chat, games or applications as well as personal information. The most common types of non-banker Trojan identity theft malware are:

Trj/Lineage W32/Lineage.worm

Trj/Legmir

Trj/Wow

W32/Wow.worm

Trj/MSNPassword

Trj/PassStealer

Trj/QQPass

To learn more about banker Trojans, please visit the latest PandaLabs post at: http://pandalabs.pandasecurity.com/archive/Bank-details-uncovered.aspx


1- Figures based on the estimated North American and worldwide population of Internet users in 2008: calculated based on 1 billion users worldwide and 222,141,961 for North America, factoring ADSL penetration of 76 percent. Source: http://www.internetworldstats.com

2- 2009 Identity Fraud Survey Report: Identity Fraud on the Rise But Consumer Costs Plummet as Protections Increase http://www.javelinstrategy.com/

3- http://www.consumer.gov/idtheft/pdf/ftc_06.16.05.pdf