THE RISE OF RANSOMWARE:

THE RISE OF RANSOMWARE

Trend Micro's TrendLabs Q1 2012 Security Roundup Report [PDF file] states that ransomware, which holds systems and/or files hostage unless victims pay a fee, was previously concentrated in Russia but now targets a wide range of other countries. "The growth of ransomware outside of Russia may be attributed to the growing difficulties associated with payment methods and fake anti-virus," Trend Micro threat response engineer Roland Dela Paz wrote in a blog post. "[Fake anti-virus] as a business is composed of an economic ecosystem that involves ring leaders, developers, middle men (affiliate networks), advertisers, etc. Because of these challenges, some criminal groups involved with [fake anti-virus] may seek alternative underground businesses such as the ransomware business, thereby making the ransomware market expand and flourish."

MALWARE COMING FROM TRUSTED LOCATIONS:

MALWARE COMING FROM TRUSTED LOCATIONS

According to the Websense 2012 Threat Report, malware redirects, malware hosting, and phishing are increasingly occurring in "trusted locations" such as the U.S. and Canada. "Almost no organization is going to block U.S. domains (the Web experience for users would be impacted too severely)," the authors write. "So it makes sense for cybercriminals to leverage these 'trusted' Web locations."

MALWARE INFECTION VECTORS:

MALWARE INFECTION VECTORS

According to Verizon's 2012 Data Breach Investigations Report [PDF file], the most common malware infection vector has long been installation or injection by a remote attacker. While just over half of attackers used this vector in 2009, fully 95 percent used it last year. "Its popularity as an infection vector likely stems both from the attacker's desire to remain in control after gaining access to a system, and its use in high-volume automated attacks against remote access services," the report states.

Next Page: Malware Functionality, Malware on Mac OS X, and Worldwide Email-Borne Malware Trends