There's a thriving malware market, and you're the commodity
If you listen to security companies then you may come to believe that the Internet is one big dark alley. Of course the industry has a vested interest in having you believe that you are in more or less perpetual danger. Now Dr. Web, the antivirus company, has released its monthly threat report, and the danger is almost as bad as the industry wants you to think.
The most "popular" threat during the month of March was Trojan.hosts programs: "Hosts file containing DNS server IP addresses has been compromised 186,496 times, which constitutes over 10 percent of the detected threat total". The threat is commonly spread through malicious or compromised web sites. In early 2013 the files were being detected at a rate of over 9,500 infections per day.
The security firm also reports that the botnet known as "Win32.Rmnet.12" is growing at a rather alarming rate. "As of December 2012, the total number of infected machines was 6.5 million, and by March 27, 2013, it reached 8,593,330, an increase of two million over the first three months of 2013", the company says. The news of this growth is bad enough, but the explanation of what it is is even worse.
The file infector Win32.Rmnet.12 can perform backdoor tasks at the command of a remote server and also steal passwords stored by popular FTP clients. That stolen information can then be used to mount network attacks or infect sites. The virus can also embed content into loaded web pages, redirect a browser to a site specified by criminals and send user information to remote hosts. Oh, and it can also self-replicate.
And then there is the malware that has been awarded the "threat of the month" medal. This, Dr. Web's report claims, goes to Trojan.ArchiveLock.20. This little beauty can place all of your important files in password-protected WinRAR archives. Then all you have to do is pay the hacker for the privilege of getting back your own documents.
This one is also spreading, according to the report: "Earlier the Trojan targeted only Russian users, but in March multiple incidents involving the program were registered in European countries such as France and Spain. In the short period from March 23 to 26, 150 Italian users whose systems were compromised by the malware contacted Doctor Web's technical support and that number is rising".
The company also touched on Trojan.Yontoo.1, the Mac virus we previously covered, and named a new piece of Android malware that goes by the moniker of "Android.BiggBoss".
In short, despite most platforms and users gaining better security in recent times, the attackers continue to innovate just as fast as any software maker, and sometimes much more quickly. Add that to the number of innocent users who remain clueless about much of this and you have the perfect recipe for a thriving malware market.