Fake antivirus products cause adware figures to grow

Report: Adware accounted for more than 30 percent of new malware in third quarter


GLENDALE, Calif., Oct. 2 /PRNewswire/ -- Panda Security, a leading provider of IT security solutions, today announced that Adware increased more than any other type of malware during the third quarter of the year. Adware accounted for 31.05 percent of all new malware that appeared in the third quarter, up almost 10 points from the previous quarter. The main reason, according to the PandaLabs Quarterly Report, is the increase in fake antivirus products used to trick users, infect computers and ultimately, defraud the victims. The PandaLabs Quarterly Report can be downloaded from http://tinyurl.com/3eoyjs.

Fake antivirus products, when run, appear to carry out a scan of the user's PC and inevitably detect a series of infections which are actually false. The applications claim that in order to 'disinfect' the computer, users must buy the pay-version of the antivirus. If users fall for this ruse, they will be paying to remove malware which never really existed. The objective of the cyber-crooks behind these scams is, as in most cases, financial gain. Examples of fake antivirus products can be found here: http://www.flickr.com/photos/panda_security/tags/fakeantivirus/.

Despite this growth in Adware, there were more Trojans than any other category of malware, accounting for almost 60 percent of all malware samples that appeared between July and September. Worms (4.53%) and spyware (2.93%) were the other most prevalent categories. Adware, however, was responsible for more infections than any other type of malware, accounting for 37.49 percent of all infections recorded by PandaLabs. Trojans (28.7%) and worms (11.56%) were in second and third place respectively.

NDRs: evolving spam techniques

The last few months have witnessed a notable rise in a new type of spam technique: NDRs. An NDR (Non Delivery Report) is an email automatically sent by mail systems to inform senders of problems delivering their messages.

NDRs are therefore not (at point of origin) spam, but legitimate emails, usually delivered by badly configured mail servers. At present, leading anti-spam companies do not define spam by its content; instead, they regard it as "unsolicited emails sent on a massive scale." NDRs are regarded as solicited mail since, in theory, they respond to an email sent by the victim. As a consequence, the anti-spam techniques used up until now are not effective against these types of messages.

Moreover, the actual amount of spam distributed is doubled. This is because an NDR for an email a user hasn't sent means that somebody is sending spam using her email address. This is achieved by stealing legitimate email addresses using malware, or buying them on forums, and using them as the sender through an SMTP service. The target mail server does not verify whether the sender's address is legitimate; it only ensures that the target address exists. If it does exist, it will receive the spam; and if it doesn't exist, the real owner of the sender's address will receive junk mail in the form of an NDR.

"This technique is used by cyber-crooks to bypass anti-spam systems, as junk mail will be delivered if it is in someone's list of contacts," explains Luis Corrons, technical director of PandaLabs.
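A mailbox owner can tell a genuine bounce from one of these NDRs by checking whether the bounced message was ever sent from their side. The following Python is an added example, not part of the PandaLabs report: it assumes the bounce follows the standard RFC 3464 layout and that the outbound server keeps a log of Message-IDs (`SENT_LOG`, a hypothetical name); the function names and every address and ID in the sample are constructed for illustration.

```python
# Added example: classify an inbound NDR against our own outbound Message-ID log.
from email import message_from_string

def original_message_id(ndr):
    """Message-ID of the original mail embedded in an RFC 3464 bounce, or None."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":           # full copy of the original
            return part.get_payload(0).get("Message-ID")
        if ctype == "text/rfc822-headers":      # headers-only copy
            return message_from_string(part.get_payload()).get("Message-ID")
    return None

def classify_ndr(raw, sent_ids):
    """sent_ids: Message-IDs logged by our own outbound server (assumed to exist)."""
    msg = message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-an-ndr"
    mid = original_message_id(msg)
    if mid is None:
        return "unverifiable"                   # non-standard bounce, nothing to match
    return "genuine" if mid.strip() in sent_ids else "backscatter"

# Constructed sample bounce; every address and ID here is made up.
SAMPLE = """From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.org
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: alice@example.com
Message-ID: {mid}

(original body)
--b1--
"""

SENT_LOG = {"<20080930.1@example.com>"}  # constructed outbound log
```

Bounces that embed no copy of the original message come back as `unverifiable`, so they need a different check than the Message-ID match shown here.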
