Though we're constantly being warned about the threat offered by new malware it seems that, for Windows systems at least, the old favorites continue to catch us out.
The latest threat report from security company F-Secure shows that Conficker continues to be the number one Windows threat, kept alive by the number of unpatched legacy systems still around.
Android is still the main target for mobile malware, with 61 new families discovered compared to only three for iOS. The fastest growth has been in malware that sends premium SMS messages. Ransomware is still growing too, the Koler and Slocker trojans being the largest ransomware families on Android.
Mikko Hypponen, F-Secure's Chief Research Officer says, "Criminals use ransomware to extort people by locking them out of their own devices unless they pay a ransom. Because of virtual currencies, it's becoming a lot easier for criminals to use ransomware, making it more profitable and more useful for them. For end users, ransomware is now the most prominent type of digital threat".
When it comes to spreading malware social networking sites are popular, using routes such as Kilim, a family of browser extensions that post unwanted content (messages, links, 'Likes,' etc) to the user’s Facebook account and alter browser settings. Kilim is ranked second in the top 10 threats.
Looked at geographically, most threats reported by F-Secure users in the second half of 2014 originated from Europe and Asia, but in the last six months the company saw more activity reported in South America.
The top 10 threats identified by F-Secure in the second half of 2014 are:
1. Conficker/Downadup - a worm exploiting a vulnerability in Windows to spread via the web, network shares and removable media.
2. Kilim - Browser extension that posts unwanted content to Facebook.
3. Sality - A virus family that infects exe files and hides its presence to kill processes, steal data and perform other actions.
4. Ramnit - Infects EXE, DLL and HTML files. Variants may also drop a file that tries to download more malware from a remote server.
5. Autorun - A family of worms that spread mostly via infected removables and hard drives, and can perform harmful actions like stealing data and installing backdoors.
6. Majava - A collection of exploits against Java vulnerabilities, a successful attack can, among other things, give the attacker total system control.
7. Rimecud - A family of worms that spreads mostly via removable drives and instant messaging. Can install a backdoor that allows a remote attacker to access and control the system.
8. Anglerek - A collection of exploits for multiple vulnerabilities. At worst can give the attacker total system control.
9. Wormlink - Specifically-crafted shortcut icons used to exploit the critical CVE-2010-2568 vulnerability in Windows to gain system control.
10. Browlock - A police-themed ransomware family that steals control of the users’ system, allegedly for possession of illegal materials then demands payment of a 'fine' to restore normal access.
Much more detail is available in the full report which can be downloaded from the F-Secure website.