Kaspersky details Q1 information security threats

Attacks have risen, detected vulnerabilities have increased, and the overwhelming majority of these security threats target Microsoft and Adobe products, says the latest quarterly threat report from Kaspersky.

The Q1 Information Security Threats report showed that the 10 most common malware families detected by the company made up slightly more than half of all internet malware, with the Iframer family coming in at number one with 15.90% of detections, followed by Generic (7.28%) and Hexzone (4.57%).

The security firm also found that although patches for security vulnerabilities are being issued more quickly, so too has the proliferation of new-found security breaches quickened. Kaspersky’s analysis revealed that nine of the top 10 unpatched vulnerabilities involved either Microsoft or Adobe products, with one dating back to 2008.

“The problem is that in between Patch Tuesdays, hackers can exploit new vulnerabilities safe in the knowledge that they will work swimmingly on most computers before the next round of patches are released”, said the report. The report also adds that Adobe’s products run on multiple platforms and, because they are near ubiquitous on personal and enterprise machines, they make perhaps the most tantalizing target for virus writers.

The primary exploit target for the first quarter of 2010 was security flaws in Adobe’s PDF readers; Kaspersky’s data show that 47.5% of all detected exploits fell into this area.

Regional analysis showed the US reclaimed the top spot as the location serving the most malicious programs, followed by Russia (22.59%) and China. “In recent years, China has become a veritable malware factory, churning out huge amounts of malicious code”, said Yury Namestnikov, the report’s author. In Q1 of 2009, 32.80% of all detected malware was hosted on servers in China, but this number declined precipitously to 12.84% in the first quarter of 2010.

Namestnikov credits the Chinese government’s December 2009 policy – which tightened up registration requirements in the .cn domain – as the primary factor for the decrease in malware being hosted by servers in China.

“We can only hope that the measures introduced on 1 April, 2010 governing the registration of Russia’s ‘.ru’ domain, which require the provision of documents to substantiate the requesting parties’ identity, will have the same effect as in China and that malware will migrate from Russian servers”, he added.
