Malware worldwide grows 15 percent in September

A rise in malware has caused the number of infected PCs worldwide to increase 15 percent just from August to September, says a report released Tuesday from antivirus vendor Panda Security.

Across the globe, the average number of PCs hit by malware now stands around 59 percent, an all-time high for the year. Among 29 countries tracked, the U.S. ranked ninth with slightly more than 58 percent of its PCs infected. Taiwan hit first place with an infection ratio of 69 percent, while Norway came in lowest with only 39 percent of its PCs attacked by malware.

(Credit: Panda Security)

The study found that in the U.S., Trojans and Adware were the two most pernicious types of malware, followed by worms and viruses.

(Credit: Panda Security)

"This is a clear sign that hackers are becoming more and more sophisticated," said PandaLabs Technical Director Luis Corrons. "Cybercriminals have found news ways to spread their creations, frequently exploiting the latest news stories to launch attacks through social networks, videos, and e-mail. The huge amount of Trojans in circulation is due to the spectacular increase in the number of banker Trojans aimed at stealing user data."

The company based its results on data taken from users who scanned their PCs with the free Panda ActiveScan online tool. The results for September were gathered from August 28 to September 28 and compared with the results from July 28 to August 27.

[adfrex]

Its about time software manufacturers were made just as liable for faulty software as the manufacturers of every other product on the planet. More liability would cause manufacturers to be more careful developing software and not deliver products with thousands of vulnerabilities.

[slickuser]

Microsoft should report better results this quarter then! 15% sales increase!!

[WinNoMo]

At what point does a hardcore Windows fan finally say enough is enough? I did less than a year ago. I can't believe I waited that long.

[42istheanswer]

Same here. I bailed for Ubuntu and am not looking back. I've been dabbling in Linux for years and have finally had enough.

[bananaphonerules]

You guys are the reason that the next gen of users will be struck by social engineering attacks. Arrogance will be your weakness. Do you really believe Linux developers are so perfect to not be susceptible to Trojans, Phishing etc?

Recent Windows versions aren't the issue. Users that have the belief that 'it can't happen to me' or don't understand are the issue. Updated software (no matter the platform) and good training are the key to safety.

[WinNoMo]

No matter what percentage of viruses affect the Windows platform, there are those that refuse to acknowledge the overwhelming evidence. Pathetic, but not my problem any more.

[superswiss]

Never mind the credibility of this study, here is some food for thought. Windows used to be the weakest link. That's when the majority of malware was comprised of viruses and worms that could infect a PC w/o the need of the user. Windows has been significantly hardened over the years and the bad guys out there had to find other ways, so they turned to social attacks. Tricking the user into installing trojans and ad-ware. It's right there in the pie chart. It takes a stupid user to install a trojan and no OS is ever gonna protect you from your own stupidity. If you think you are safe from trojans by using a Mac, think again. The weakest link in a social attack is YOU and not the OS.

[fungie5]

Actually, Linux does protect users from themselves more than other OSes because the primary method for installation of software is through package managers. Package managers allow users to access secure online software repositories which are outside the reach of hackers. Everything from plug-ins to software installations to upgrades are handled through one update system working strictly with repositories. On Windows, the user takes a risk every time he/she downloads an installer file from an arbitrary website. And the spammers are taking full advantage of this weakness in the Windows ecosystem.

[SiliconDragon]

@fungie5
Debian has had their package distribution servers rootkited twice. Package managers are also not limited to just downloading from upstream servers and will install packages saved to your hard drive as well as unsecure repositories. They can be exploited.

[fungie5]

@SiliconDragon -
That Debian incident is old news. It happened all the way back in 2003 and the attacker didn't actually manage to alter any packages. In fact he only compromised 4 servers and was detected just one day after the intrusion. The fact remains that using a package manager system is far more secure and will protect more users than having the whole Windows user base running wild around the Internet downloading installation files. As for the ability of package manager software to install from additional sources, that's hardly relevant. Only advanced users are going to be using those methods (because additional sources have to be manually configured), and they're more tech savvy than the Windows users who tend to get themselves into trouble. The bottom line is that you'll never see a pie chart like the one above showing such high rates of infection for Linux users relying on package managers. And that's my point.

[santuccie]

@fungie5:

Yes, much of the software you use on Linux comes through a repository. But what about Nero Linux? What about Adobe Flash? There are package installers for Linux as well.

[Lennron]

The reason trojans and adware are the top two is because Macs and Linux are just as, if not more vulnerable than Windows. Many Mac and Linux users don't even know they have them because of their false sense of security. Keep claiming that your computer is 100% secure because you don't have Windows all you want, it will never become true.

[Goodbye Helicopter]

hmm... dell doing well?

[Random_Walk]

So... I'm curious as to why they didn;t bother to break it down by OS type (and version)...

Nevermind that statistically, all of them are infected Windows machines; it would still be cool to see the version breakdown.

[santuccie]

'So... I'm curious as to why they didn;t bother to break it down by OS type (and version)...'
>>>>Probably because most of these are socially engineered attacks, which can affect any version that is compatible with the code. My guess would be that most of these parasites (with the possible exception of some worms) affect 32-bit, NTFS OSes; including Windows 2000, XP, 2003, Vista, 2008, and 7. But you never know; there are still a lot of programs that don't work on Vista, including legitimate ones.

'Nevermind that statistically, all of them are infected Windows machines; it would still be cool to see the version breakdown.'
>>>>I wouldn't venture to say that. Of course the numbers of Linux and OS X Trojans are probably way too small to affect these charts, but still, they're not ALL infected Windows machines.

That said, I would be interested to see versions as well, and it might close the mouths of some anti-MS gremlins around here. Worms affecting Vista/7? Depends on vector and user engagement. Exploits affecting Vista/7? 0.

[Random_Walk]

"My guess would be that most of these parasites (with the possible exception of some worms) affect 32-bit, NTFS OSes; including Windows 2000, XP, 2003, Vista, 2008, and 7. But you never know; there are still a lot of programs that don't work on Vista, including legitimate ones."

Yes, yes... but what's the breakdown? If nothing else, it would serve as motivation for folks to upgrade (or at least stop using their Win95 box to get online with).

"I wouldn't venture to say that. Of course the numbers of Linux and OS X Trojans are probably way too small to affect these charts, but still, they're not ALL infected Windows machines."

There may be some in absolute numbers, yes. However, statistically, it's probably not even big enough to make the margin of error (which is why I used the "statistically" qualifier).

[santuccie]

I agree with everything you say in this post.

[sactobob]

It's amazing that more people are not using Macintosh computers. I have been using one now for 18 years and have never had a problem with an "infection." It's amazing how much money is being wasted by companies and individuals trying to get rid of viruses, trojan horse, etc. I would guess that the number of infected Mac could be counted on one hand. ;-)

[willbw]

They cost anywhere from 1000 to 2000 dollars more and are slower, cost more to upgrade, and lets not mention dont give the original linux developers credit from the jump. Macs are for people who break there computers and cant be accountable for there own actions, and also have some decent software.

[42istheanswer]

willbw, you're delusional.

[WinNoMo]

Delusional indeed

[Hokulea]

It's not particularly amazing that more people are not using Macs. For most people, a simple netbook would suffice for their computing needs.

While I used a Mac for over four years, I can't justify spending two to three times as much for a system that doesn't do anything different than I one I can get for much less. Apple makes innovative and well designed products, but I look for what represents the best value, not the best technology.

Malware is getting worse and worse all the time. Since systems running MS OS's represent near 90%, that's what the target is. Malware is being used for criminal purpose, hence it's a legal issue. The problem is that there are too few laws addressing this type of crime and there is no global consensus on pursuing online criminals. Also at issue is online anonymity.

[mjconver]

The title of the chart. "% infected PCs", is totally incorrect, there's no way that almost 60% of PCs in the US are infected. This is a self-selected sample of users with problems, not a random sample of all PCs. I see enough random PCs to represent a statistically significant sample (+- 4% margin of error), and _none_ of them have any malware on them.

[dlevinson15]

mjconver is right

This doesn't pass the sniff test -unless they are counting tracking cookies as malware - which would be absurd.

[caplan]

I'd be curious as to what qualifies as a a "security risk", and what percentage of these infected PCs are *only* infected by a "security risk".

I checked the Panda Security site and they don't really seem to provide any further info as to their data or methodology. Also it's not clear (to me) whether the pie chart percentages represent the total number of *unique types* of software for a given malware type, or the prevalence of the type of malware on infected PCs.

From these graphs I could conclude that 59% of PCs are infected with "something", but 99% of the time that something might be just a "security risk", which might mean that they aren't running a firewall or that they haven't installed the latest Windows patches or something.

Anyone have any pointers to further info on this?

[willbw]

100% of windows and mac pc's are backdoored by the companys who create them that is the ultimate awnser.

[willbw]

I think its really cute that 6078 of these say "Hacking Tools" when 100% of these are Hacking tools idiots. You guys should get that 4 year old who paints the pollock style paintings to write these storys probly more informed.

[gertruded]

No where in the article is the fact that these are Windows machines stated. This infection rate is an indication of a failed product.

[n3td3v]

These companies that make you pay for anti-virus or other products are part of the problem and make money from the very people they try and stop. They are part of the cyber crime syndicate.

Bring in Microsoft Security Essentials, you can download it for free, and you know you're not contributing any money to the cyber crime eco system.

If only these companies that claim to not be part of the problem were a bit more like Microsoft and offered their security products for free, then the world would be a better place.

[42istheanswer]

The solution is quite simple. If you have the money, get a Mac. If you don't, run Linux. Windows should be banned from the Internet.

The latest round of foolishness at the University is phishing for email ID's and passwords. Quite successful this year. The students have no idea what they're doing. If the phishing/spam schemes we are seeing now as an indication of the state of infection, I will whole heartedly agree with this article. Folks need to wake up. It's gonna get em in the pocket book some day.

[doublewam]

I think these results are completely bogus. Go try the Panda ActiveScan online tool and see what it is calling an "infected" file. I had 5 infected files and when the scan was complete I discovered what it was calling "infected files" were only cookies.

[wzsteen]

Wow, thats pretty scary. Imagine if the idiots behind that stuff used their knowledge for GOOD.

RT
www.total-privacy.net.tc

[superswiss]

Ah, the power of statistics. The following sentence should be a giveaway to everyone. How does 59% percent of PCs scanned with their tool turn into 59% of ALL PCs.

"The company based its results on data taken from users who scanned their PCs with the free Panda ActiveScan online tool"

[jsmyton]

Thank you. I'm glad somebody else caught that one. That's not even really a valid statistic in any manner. The sampling is of people who had some kind of reason to direct their machine to an online malware scanner. A random sample statistic would be nice to see some time, though collecting valid data would be difficult. Maybe as Security Essentials gains more traction, Microsoft could produce a number that would give a better glance.

[roryk27]

soo... i just ran the online scan and it detected that I have cookies on my computer. should I be worried? I was certain that those chips ahoy that I had earlier didn't get into my keyboard. should I break out the air duster? HELP!!

[doublewam]

"Malware worldwide grows 15 percent in September"

"Across the globe, the average number of PCs hit by malware now stands around 59 percent, an all-time high for the year."

I know that malware is a problem but please up the journalism just a notch. This is a sensational, hyper-inflated figure based upon results obtained from Panda's ActiveScan (a point buried later in the article).

I have no doubt that 50+% of both PCs and Macs have "infected cookies" (a cookie is not an infected file for crying out loud!).

Also, I have no doubt that the vast majority of people who use Panda's ActiveScan do so because they suspect they already have a virus on the machine and are looking for confirmation.

Therefore, the value of this article in reporting the growth and percentages of malware infection is nil. Great headline. I'm sure it will continue getting lots of traffic. I suppose that is the point when journalism is done this way.

[divisible_by_0]

Considering that this is only based on people who used their tool, the numbers are worthless.

[SteamChip]

if they are counting cookies, I can understand the high percentage of infections.

[JimStream]

Just wondering why there is no South Korea data?

[SergeM256]

I think numbers are made up. Rate around 50-60% seems a way too much. I wonder how do they collect data? How do they know my computer is not infected and how do they know it even exists? Do they send their own spyware to collect data? Than 60% rate would make sense and title of this article should read "60% of computers infected by our spyware also have other malware". Do they count users that click on a banner "Free PC scan"? In this case 60% rate would make sense and title should read "60% users that click on every banner/pop-up have their computers infected".