As another year draws to a close, few can have failed to notice the plagues of malicious software, floods of fraudulent emails and the generally increased pestilence of our online world, marking out 2007 as one of the most remarkable in the history of malware. This report covers the top malware threats in 2007 and provides monthly summaries.
we protect your digital worlds
Global Threat Report
2007
www.eset.comESET Global Threat Report for 2007
1
As another year draws to a close, few can have failed to notice the plagues of malicious software, floods of fraudulent emails and the generally increased pestilence of our online world, marking out 2007 as one of the most remarkable in the history of malware. Since ESET was founded in 1992, all sorts of threats have appeared, evolved, and in some cases disappeared again. 2007 was no exception, and as a company, we've had to grow and evolve to find innovative ways to meet those threats. To tie up what was an exciting year - perhaps too exciting in some ways - we've taken a look back to consider the trials and triumphs of the past months. ESET has a unique store of data to mine, gathered through our ThreatSense.NetŪ technology, which automatically collects data about malware threats, and particularly about newly-discovered, heuristically detected threats. Information is constantly fed back from our customers (with their explicit consent of course!) to our Threat Laboratory, enabling us to recognize new threats instantly and gather statistics on the effectiveness of our detection, and so to get a 'real-world' view of the evolving threatscape. Not only does ThreatSense.Net allow us to constantly improve our products through analysis of the data, leading to enhanced detection, but it allows us to share our view of the year's trends and developments with the wider world. There is no prize for guessing that the year ahead of us will be another challenging one. One clear trend is that more and more people are realizing that proactive detection of malware, when dealing with the huge volumes and rapid spread that we see today, is an essential component of a defense strategy.At ESET we know that simply predicting and following trends is not enough to ensure the protection of our customers, and we will continue to pursue our core values, staying ahead of the curve by the consistency of our technological innovation. As successful pioneers of heuristic techniques, you can be sure that we'll be looking to ensure that we can meet the challenge of the unpredictable!As you read this report, bear in mind that the information is not only limited to ESET's own unique view, but also reflects what has happened globally over the past twelve months. As with stocks and shares, past threat trends are not a sure predictor of future developments: however, we can be certain of one thing. Although the threats may change and new ones will appear, there will continue to be malicious software threats as long as there are computers to attack and exploit, and computer users to fall victim. Furthermore, as more platforms become mainstream, they will inevitably be used as a medium for exploitation. It's worth remembering that many malware threats exploit the user, rather than a particular platform, Phishing, for instance, is not unique to a single operating system environment. We hope that you find this report interesting reading and we would love to hear from you with feedback on this report. Please write to threatreports@eset.comWe wish you a safe journey through 2008, rest assured, we will be doing all we can to protect your digital worlds. The ESET Research Team
1-866-343-ESET (3738) www.eset.com2
Table of Contents PageIntroduction and Overview 3Top Ten Email-Borne Threats 4Figure 1: Relative Proportions of the Top Ten E-mail-Borne Threats 4Table 1: What the Names Mean 5Proportion of Infected E-mails to Total Messages Monitored 5Threat Descriptions 6. Win32/Stration 6. "Probably unknown NewHeur_PE virus" 6. Win32/Netsky.Q 6. Win32/Nuwar.gen 6. Win32/Fuclip 7. Win32/Nuwar 7Figure 2: Top 10 Virus Radar Listings by Detection Type 82007 Threat Trend Summary 9. Malware Top 10 for January 2007 10. Other Events in January 12. Malware Top 10 for February 2007 13. Other Events in February 13. Malware Top 10 for March 2007 14. Other Events in March 14. Malware Top 10 for April 2007 15. Other Events in April 16. Malware Top 10 for May 2007 17. Other Events in May 17. Malware Top 10 for June 2007 18. Other Events in June 18. Malware Top 10 for July 2007 20. Other Events in July 20. Malware Top 10 for August 2007 21. Other Events in August 21. Malware Top 10 for September 2007 22. Other Events in September 23. Malware Top 10 for October 2007 24. Other Events in October 25. Malware... [download for more]
