What's in The PhAT Report?

Category: Security

The most recent Phishing Activity Trends Report (or as I prefer to call it, “The PhAT Report”) contains some accepted wisdom and some startling surprises. It may influence your choice of security software and the focus of your security awareness. Read on...

250,000 New Threats Per Day?

The quarterly report is published by the nonprofit Anti-Phishing Working Group, with contributions of data and analysis from security firms such as PandaLabs, WebSense, Internet Identity, and Illumintel. Over 2,000 global corporations, government agencies, and organizations are members of APWG.

The first surprise in the PhAT Report confirmed my assumptions by blowing them out of the water. I assumed the number of different malware species was growing, but not at the rate of “an average of 255,000 new threats per day.” That’s over 23,500,000 new threats in just the last three months of 2014!

No, there aren’t that many black-hat programmers in the world. The vast majority of the new threats are minor variations on old malware. Automated “code tweakers” rapidly re-write malware to give it a slightly new digital signature while retaining its functionality. The new signature is intended to fool signature-based malware detection engines. By cranking out so many variants per day, the bad guys hope to stay ahead of anti-malware programs’ signature database updates.

Signature-based detection is still included in virtually all anti-malware programs, so the bad guys need to keep up this bombardment of variants. But other malware detection techniques that aren’t fooled by code tweaks are commonly used, too.

“Behavioral analysis” examines what software does rather than what it looks like. If, for example, a program tries to update files it didn't create, modify the Windows registry, or replace an operating system file, it may trigger an anti-malware alert.

Of course, many legitimate programs can be caught by behavioral analysis, so “whitelists” of programs generally recognized as safe are included in anti-malware software. Generally, users can add programs to such whitelists so they will stop generating false alerts.
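To make the contrast between the three ideas above concrete (an exact-match signature that a one-byte "tweak" defeats, a behavioural check on what a program does, and a whitelist that silences known-good programs), here is an added illustration in Python. It is not from the report or from any vendor; the "malware" bytes, program names and event traces are constructed for the example.

```python
"""Signature vs. behavioural detection, as sketched in the article (added example)."""
import hashlib

# --- Signature engine ------------------------------------------------------
KNOWN_BAD = b"MZ\x90\x00CONSTRUCTED-SAMPLE-PAYLOAD-v1"       # constructed bytes
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}        # "known bad" hashes

def signature_match(sample: bytes) -> bool:
    """Exact-hash lookup: cheap, precise, and defeated by any byte change."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB

def tweak(sample: bytes) -> bytes:
    """Stand-in for an automated 'code tweaker': new bytes, same behaviour."""
    return sample + b"\x00"

# --- Behavioural engine ----------------------------------------------------
OS_DIRS = ("C:\\Windows\\System32\\",)          # treated as operating-system files
WHITELIST = {"windows_update.exe"}               # programs the user marked as safe

def behavioral_alerts(program: str, events: list[tuple[str, str]]) -> list[str]:
    """Judge a program by what it does. Each event is (action, target), where
    action is one of 'create', 'write', 'registry', 'replace'."""
    if program in WHITELIST:                     # whitelisted: never alert
        return []
    created, alerts = set(), []
    for action, target in events:
        if action == "create":
            created.add(target)                  # remember files it owns
        elif action == "write" and target not in created:
            alerts.append(f"modified file it did not create: {target}")
        elif action == "registry":
            alerts.append(f"modified Windows registry: {target}")
        elif action == "replace" and target.startswith(OS_DIRS):
            alerts.append(f"replaced operating system file: {target}")
    return alerts

# Constructed trace of a "generic data stealing" program: the tweaked variant
# has a different hash but produces exactly the same behaviour.
STEALER_TRACE = [
    ("create", "C:\\Users\\me\\AppData\\tmp.dat"),
    ("write", "C:\\Users\\me\\AppData\\tmp.dat"),               # its own file: fine
    ("write", "C:\\Users\\me\\AppData\\Browser\\logins.json"),  # not its file
    ("registry", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
]

if __name__ == "__main__":
    print("original matches signature:", signature_match(KNOWN_BAD))        # True
    print("tweaked matches signature: ", signature_match(tweak(KNOWN_BAD)))  # False
    for alert in behavioral_alerts("tweaked.exe", STEALER_TRACE):
        print("behavioural alert:", alert)
```

The same trace run under the whitelisted program name produces no alerts, which is exactly the false-positive trade-off the paragraph above describes.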

The Crowd and The Cloud

Crowd-sourcing of new threats harnesses the power of an anti-malware program’s user base to identify new threats and add them to all users’ signature databases within moments. This type of anti-malware defense is often cloud-based, with threat reports from all over the globe being delivered to a central site that provides detection service to all users via the Internet. Malware eradication may be handled via the cloud or by local software on each user’s machine.

Panda Cloud Antivirus and Immunet are two examples of crowd-sourced malware detection. Sophos, Bitdefender, AVG, and Kaspersky incorporate behavioral analysis, as do many other programs.

Another surprise in the PhAT Report concerns the issue of phishing exploits that impersonate financial institutions and trick victims into giving up their login credentials. Data from Websense, which tracks this sort of thing for its living, says such exploits account for only 0.17% of all the malware it detected in Q4 2014.

Roughly 38% of malware detected by Websense in Q4 was “generic data stealing” software that resided on users’ machines. This category includes malware designed to transmit sensitive information from the infected machine to its masters; provide remote control of an “enslaved” machine; and open backdoors into its operating system.

Over 62% of the malware that Websense detected was classified as “other,” a category that includes self-replicating worms, dialers for telephone chargeback scams, and other “oldies but goodies” in the malware family.

This doesn’t mean that phishing sites imitating financial institutions’ login pages are a negligible problem. The financial sector was the target of 20% of phishing exploits in Q4, just behind the retail/consumer services sector. Websense is warning us that the danger of “drive-by” infections is still enormous.

Globally, One Third are Infected

Indeed, the PhAT Report cites a global infection rate of 33.21%; one out of every three computers suffered a malware infection in Q4 2014. The USA was about average. Higher infection rates were found in Russia and in Asian and Latin American countries, while Europe tended to have the lowest infection rates.

Phishing sites are seldom stand-alone affairs. Most are inserted into legitimate Web servers, which host the parasitic phish unknowingly. Since most Web servers are in the USA, it’s no surprise that most phishing sites are found on USA servers. A pleasant surprise is the USA’s share of phishing sites dropped from 67% to 40% during Q4 2014. The Czech Republic zoomed to No. 2, with 16%.

It should be obvious that anti-malware protection is essential in this threat environment; ideally, your protection should include signature, behavioral, and crowd-sourced lines of defense. Extra vigilance is advisable when dealing with any unsolicited communication that urges you to click a link to a retailer’s or bank’s Web site.

Your thoughts on this topic are welcome. Post your comment or question below...


This article was posted by on 8 May 2015


Most recent comments on "What's in The PhAT Report?"

Posted by:

08 May 2015

Just yesterday I forwarded a copy of an E-mail to Paypal spoof that was a scam. I have in the past received them from a Bank I have never dealt with, all claiming there was unusual activity in my account and wanting me to provide confidential information or my account would be locked. These E-Mails do look pretty convincing and could easily fool people.
In my case I wasn't fooled, but it fooled my Anti Virus program! So yes, some do get through, and consumer knowledge is the best update to any Anti Virus program. Thanks for another great article.

Posted by:

08 May 2015

Good and interesting information.

The biggest tip I glean from this is to make sure your antivirus/firewall includes behavioral analysis. Surely everyone who reads your newsletters knows better than to click on a link in an email.

I know you write at least one article every year about the results of independent testing of security programs. I just don't remember if the testing actually gave an easy to follow list of security products that offer good behavioral analysis. I think you should have included a link to your article in this article (or to the independent tester site/results page).

Posted by:

Mac 'n' Cheese
08 May 2015

I received just such a phishing attempt today, ostensibly from my bank. Gmail flagged it as a phishing attempt and sent it to my spam folder.

The perpetrators are getting better at imitating the look of a genuine bank message, so the old caution is still valid:

If you EVER receive a message purporting to be from ANYONE you know or trust (friend, bank, sister) asking you to click a link ... and if you weren't expecting the message or you can't know FOR DARN SURE it is legitimate, do NOT click the link!

If it's a friend or family member, call or email him or her and ask, "Hey, did you send me this link?" If it's from a business, use the link you usually use (in your bookmarks, favorites, or password manager) to go to their website. Or call the business on the telephone. Ask the same question, "Did your business send me this link?"

Get in the habit of NEVER automatically clicking a link without first asking yourself, "How do I KNOW this is what it appears to be?"


Posted by:

Robert Kemper
08 May 2015

Things don't look good in computer haven, as time goes by.

Posted by:

08 May 2015

Thanks Bob, you just confirmed what I've been thinking. I have been getting e-mails wanting me to click on a link to confirm my shipping address with Amazon for a delivery that I haven't ordered, and therefore I keep deleting said e-mail. I like to think I'm a little smarter than that. It has been tempting though, since we have bought things in the recent past. I just go to the Amazon web site and check my status, which is ok.

Posted by:

Dave B
08 May 2015

How does one know if their anti-malware or anti-virus includes "signature, behavioral, and crowd-sourced lines of defense?" For example, does Avast or Malwarebytes include them? Thanks for your many informative emails.

Posted by:

Stuart Berg
08 May 2015

I like the free (for personal use) VoodooShield (https://voodooshield.com/) as an addition to my normal antivirus software (Avast). It essentially locks down a PC with a whitelist that is easily created and easily maintained. It has a training mode which is typically used for awhile before activating for real ("Smart" mode). It's simple to switch between "Training" mode and "Smart" mode. There is no conflict with any antivirus because it's not an antivirus.

Posted by:

08 May 2015

My comment may show my naivety, but how about bouncing back, like a tennis ball, a program that could damage the perpetrator's computer?

Posted by:

Denis Ferguson
08 May 2015

I find it difficult to believe the low apprehension rates for the perpetrators of this type of cyber-crime. I am not necessarily talking about the coders, more about the beneficiaries of the activity. Follow the money. Perhaps if the world's intelligence organisations such as the CIA etc. were tasked with sorting the problem out, we might soon see a lessening of the activity. Maybe more single-car fatal accidents on dark deserted roads, but fewer computer problems.

Posted by:

09 May 2015

Does this report cover how Apples are affected?

Posted by:

19 May 2015

To Jon,
Just like PC users, Mac users have to face up to a quantum leap in viruses and intrusions. PC users have had to move beyond the good old Anti-Virus products, and Mac users have to recognize that there is nothing magical that makes Macs immune, just that there haven't been enough Macs in office use to be worth hackers' trouble. Thanks to iPhones, iPads, and some really great MacBooks, we've now passed that point, so get some computer security software now.

Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- What's in The PhAT Report? (Posted: 8 May 2015)
Source: https://askbobrankin.com/whats_in_the_phat_report.html