PandaLabs' 2009 Predictions: Malware Will Increase In 2009


Banker Trojans, Fake Antivirus Software, SQL Injection Attacks, Customized Packers & Obfuscators among the Most Popular Expected Cybercriminal Tactics


PandaLabs, Panda Security's malware analysis and detection laboratory, today announced that a significant increase in the volume of malware (viruses, worms, Trojans, etc.) is expected in 2009. Panda Security's laboratory detected more malware strains in the eight months between January and August of 2008 than in the previous 17 years combined.

In addition to an overall growth in malware, PandaLabs made the following predictions:

1.    Banker Trojans and fake antivirus solutions will be the most prevalent forms of malware in 2009. Banker Trojans are designed to steal login passwords for banking services, account numbers, etc., whereas fake antivirus solutions try to pass themselves off as real antivirus products to convince users they have been infected by malicious codes. Victims are then prompted to buy the rogue antivirus to remove these bogus infections. Cybercriminals are currently profiting substantially from this type of fraud.

2.    Social networks will be a focal point of attack for cybercriminals. We will continue to see worms in social networks spread malware from one user to another. Malicious codes designed to steal confidential data from unsuspecting users will also become more prevalent.

3.    SQL injection attacks will continue to rise. SQL injection attacks involve vulnerabilities on the servers that host specific sites. Cyber-criminals exploit these vulnerabilities to infect users who visit these Web pages, without the users realizing they've been attacked.

4.    Customized packers and obfuscators will grow in popularity. These tools are used by cybercriminals to compress malware and make detection more difficult. Criminals capitalizing on this form of attack will often avoid the standard tools available in forums, websites, etc., and instead turn to their own obfuscators in an attempt to evade 'signature-based' detection by security solutions.

5.    Expect a resurgence of classic malicious codes. The use of increasingly sophisticated detection technologies will drive cyber-crooks to turn to old codes, adapted to new needs. However, unlike ten years ago, viruses won't be designed with the intention of preventing systems from working or files from being opened. Instead, these re-designed codes will be aimed at hiding Trojans used for theft of banking information that garner big profits for the criminals involved.

6.    Attacks on new operating systems and computing platforms will be on the rise. PandaLabs forecasts a significant proliferation of malware targeting new platforms such as Mac OS X Leopard, Linux or iPhone in the coming year. However, these new codes will never be as numerous as those for Windows systems.

"The number of malware strains created for Mac or Linux platforms will grow in 2009, although they will still represent a very low percentage compared to the total number of threats. The reason for this is efficiency. If, for every sample emailed to a million people, three percent get infected, it is obviously much more productive to send it to a platform used by millions of users than to another, less popular platform, which will offer a lower number of potential victims", explains Ryan Sherstobitoff, Chief Corporate Evangelist, Panda Security.

7.    Increased targeted attacks around issues stemming from the financial crisis will continue into 2009. Over the last few months of 2008, PandaLabs has reported a clear correlation between the financial crisis and an increase in malware strategies and techniques. The laboratory discovered that every stock market drop was followed by a spike in the amount of malware in circulation. Similarly, the increase in the unemployment rate has continued to translate into a boom of spam offering false jobs. Cyber-criminals have increased their tendencies to prey on unemployed people with attractive job offers in order to capture money mules: people to help them launder money generated from illegal activities.

"Summing up, malware in 2009 is expected to grow and become more sophisticated and more difficult to detect. There will also be an increase in Web-based attacks and attacks through social networks, which allow for more silent infections", says Sherstobitoff. "The financial crisis will also bring an increase in malware and false job offers."

For additional information on malware predictions for 2009, visit PandaLabs at

About PandaLabs
Since 1990, PandaLabs' mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model, which can even detect malware that has evaded other security solutions.

Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented by the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.


Contact Author

Crystal Wiertalla