Symantec Global internet Security threat report
Banker.C is part of the Zeus crimeware kit (a.k.a., Zbot158), which is designed to steal sensitive information relating to online banking, social networking sites, Web-based email sites, and saved passwords. it also downloads further threats based on a configuration file that allows malicious software authors to easily modify Zeus’s behavior. Zeus is readily available for sale in underground forums and is relatively simple to use, allowing novice attackers to create customized trojans and C&C servers for attacks—typically spread through spam and drive-by downloads.159 this may explain why Zeus has become a prevalent threat that is responsible for widespread bot networks.
Geolocation by type of malicious code
Symantec examines the types of malicious code causing potential infections in each region. the increasing regionalization of threats can cause differences between the types of malicious code being observed from one area to the next, such as when threats employ certain languages or localized events as part of their social engineering techniques. threats that steal confidential information can also be tailored to steal information that is more commonly available in some countries than in others. Because of the varying propagation mechanisms used by different malicious code types, and the diverse effects that each malicious code type may have, information about the geographic distribution of malicious code can help network administrators improve their security efforts. it should be noted that the numbers below represent proportional geographic percentages, and that proportional percentage fluctuations over time may not indicate an actual change to the raw number of reports from a specific region.
in 2009, the regional proportion of potential infections from malicious code remained largely unchanged; however, in all cases, the actual number of reports for each malicious code type from each region increased.160 While there were small variances in some regions, the changes were not representative of significant shifts in the threat landscape. the numbers of reports from Europe, the Middle East, and Africa (EMEA) increased proportionally more than the other regions, which may indicate that the concentration of threats targeting countries in EMEA is growing faster than the concentration in other regions. this may also signal that there is a greater concentration of malicious code authors, or organizations employing those authors, in EMEA than elsewhere.
regionally, the overall infection counts changed proportionally according to the global prevalence of malicious code types. As an example, trojans had slightly less activity compared to worms in infection counts, but proportionately in each region, they did not change substantially. this is due to users being targeted in an increasingly equal fashion worldwide even though attack origins changed over time.
158 159 160
http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99 http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits Due to rounding, cumulative totals might not equal 100 percent.