The Evolution of Malware So Far This Year

The rate that this stuff is growing is phenomenal, and it is being pumped out by at least three different groups who want control of it all. This according to an article written by Alexander Gostev, Senior Virus Analyst, Kaspersky Lab, in which he says security analysts are predicting a watershed year.

As for infection vectors, Kaspersky Lab analysts believe that email and browser vulnerabilities will continue to be widely used. Although malicious programs will continue to use P2P networks and IRC channels to spread, this is unlikely to be on a large scale. Generally, this tactic will be used locally ? for instance, Winy, a P2P client which is very popular in Japan, may start to cause serious headaches for Asian users. Instant messaging clients will remain in the top three methods for conducting attacks: however, this infection vector is unlikely to see a big increase in popularity.

Epidemics, virus outbreaks and attacks will become even more markedly linked to specific geographical territories. For instance, Trojans which steal online gaming data and worms with virus functionality are likely to dominate in Asia, whereas Trojan spy programs and backdoors will have the lion’s share in Europe and the USA. Latin America will continue to suffer from a large number of Trojan banking programs.

There’s no question that Vista, and vulnerabilities associated with this new operating system, will be the main security event of 2007. Source: Malware Evolution: January – March 2007

This is one big and one information packed post that talks about Vista and how secure it really is, about the various botnet creating groups, and about a person named Li Jun, known as WhBoy online, who could possibly be the most active virus writer of the past decade, as his nick is associated in all of these different malicious programs:

Several dozen variants of Trojan-PSW.Win32.Lmir, a Trojan which steals accounts for Legend of Mir, an online game;
Several dozen variants of Trojan-Downloader.Win32.Leodon;
All worms in the Email-Worm.Win32.Lewor family;
A number of variants of Backdoor.Win32.WinterLove;
Several dozen variants of Trojan-PSW.Win32.Nilage, which steals user accounts to the online game Lineage;
Several dozen variants of Trojan-PSW.Win32.QQRob, a Trojan which steals QQ accounts (a Chinese instant messaging system);
The Viking and Fujack worms.

At least he is in custody in China, who tried to make him write an antivirus to clean computers of the Fujack virus, but he was unable to control his own creation. Here is a video of the spread of the Storm Worm, one of the big virus outbreaks created by one of these botnet groups.