05:04 am - Monday 25 May 2015

Online Threat to Oman users still very high

By staff - Tue Dec 20, 4:55 am

Web resources containing malicious programs exist in practically every country of the world. In Q1 2011, 89% of all web resources used for hosting malware were detected in 10 countries around the globe.

The distribution of countries with malware-hosting web resources in Q1 2011

The United States still tops the list of countries in which malware-spreading web resources were detected. In the US, the bulk of the malicious content is located on compromised legitimate sites. Between January and March 2011, the share of malicious hosting sites in the US increased by 1.7 percentage points.

The most dramatic increases in malicious hosting sites occurred in Russia, up 3.5 percentage points and the UK with 2 percentage points, which puts them in 2nd and 7th positions respectively.

The number of malicious hosting sites in China decreased, continuing the trend that began in 2010. The volume of web attacks originating from this country fell by 3.33 percentage points compared to Q4 2010. The number of servers with malicious content in Germany also decreased as a result of a massive web clean-up effort organized in that country.
Countries where users run the highest risk of web infection

To evaluate the risk of users’ computers being infected via the web in various countries of the world, we analyzed how often web antivirus modules detected a malicious program on users’ machines in each country.

The Top 10 countries in which users computers run the highest risk of infection via the web

Position Country * % of individual users **
1 Russian Federation 49.63%
2 Oman 49.57%
3 Iraq 45.65%
4 Belarus 43.84%
5 Armenia 42.42%
6 Azerbaijan 42.15%
7 Kazakhstan 40.43%
8 Saudi Arabia 39.99%
9 Ukraine 39.99%
10 Sudan 38.87%

*Countries in which the number of users of Kaspersky Lab products is below the threshold of 10 thousand were not included in the calculations

**The number of individual users’ computers that were attacked via the web as a percentage of the total number of users of Kaspersky Lab’s products in the country.

In the first quarter of 2011, KSN users in Russia and Oman faced the highest risk of infection. In these two countries, nearly every second users’ machine (49%) became the target of a web attack during the three month period. The nature of the threats in these two countries is, however, entirely different. In Oman, computers are primarily infected to further expand existing zombie networks; in Russia, fraudulent programs proliferate alongside botnets.

All of the countries can be assigned to one of the following groups:

High-risk countries. Includes 7 locations with risk indicators of between 41- 60%. These are: Russia, Oman, Iraq, Belarus, Armenia, Azerbaijan and Kazakhstan.
Average risk countries. Includes those locations with risk indicators of between 21- 40%. This group contains 87 countries in total.
Safe-surfing countries. Includes those locations with risk indicators of between 13-20%. During Q1 2011, this group contained 33 countries. The lowest percentage of users’ computers attacked while surfing the net were located in Japan, Germany, Serbia, the Czech Republic and Luxembourg.

Local threats

All statistics quoted in this chapter were recorded by the on-access scanner inside Kaspersky Lab’s products.
Malicious objects detected on users’ computers

During Q1 2011, Kaspersky Lab’s solutions successfully blocked 412,790,509 attempted local infections of users’ computers connected to the Kaspersky Security Network.

In total, there were 487695 incidences of malicious and potentially unwanted programs reported. This number includes, among others, objects that had arrived to the victim computers via local networks or removable storage media rather than through the web, email or network ports.

The Top 20 malicious objects detected on users’ computers

Position Name % of individual users*
1 DangerousObject.Multi.Generic 29.59%
2 Trojan.Win32.Generic 24.70%
3 Net-Worm.Win32.Kido.ir 14.72%
4 Virus.Win32.Sality.aa 6.43%
5 Virus.Win32.Sality.bh 4.70%
6 Net-Worm.Win32.Kido.ih 4.68%
7 Hoax.Win32.Screensaver.b 4.48%
8 HackTool.Win32.Kiser.zv 4.43%
9 Hoax.Win32.ArchSMS.heur 4.08%
10 Worm.Win32.Generic 3.36%
11 Trojan.JS.Agent.bhr 3.32%
12 AdWare.Win32.HotBar.dh 3.28%
13 Packed.Win32.Katusha.o 2.99%
14 Hoax.Win32.ArchSMS.pxm 2.91%
15 Trojan.Script.Iframer 2.80%
16 Worm.Win32.FlyStudio.cu 2.74%
17 HackTool.Win32.Kiser.il 2.50%
18 Trojan-Downloader.Win32.Geral.cnh 2.11%
19 Trojan-Downloader.Win32.VB.eql 2.04%
20 Trojan.Win32.Starter.yy 1.95%

These statistics are compiled from the malware detection verdicts given by the antivirus modules of users of Kaspersky Lab products who have agreed to submit their statistical data.
* The number of individual users on whose computers the antivirus module detected these objects as a percentage of all individual users of Kaspersky Lab products on whose computers a malicious program was detected

First place in the ranking is occupied by various malicious programs detected with the help of cloud-based technologies. These technologies work when a malicious program first enters circulation and the antivirus databases do not have signatures or heuristic tools to detect it; at this time, information about this malware may exist in the cloud. In such cases, the malicious program is named according to the format: DangerousObject.Multi.Generic.

Variants of Net-Worm.Win32.Kido and Virus.Win32.Sality occupy 3rd to 6th places in the ranking – both are well known and have been around for quite a while. These malicious programs use effective methods of dissemination which remain active for a long time after they have been released in the wild. Judging by the current situation, these malicious programs will remain at the top of the most widespread malware list for a long time to come.

Two fraudware programs mentioned above and detected by Kaspersky Lab’s products as Hoax.Win32.ArchSMS have taken 9th and 14th positions on this list – they also entered the Top 20 web-threats (see the section ‘Detected objects on the Internet’ above).
Countries in which users’ computers ran the highest risk of local infection

We have calculated the percentage of KSN users in different countries on whose computers attempted local infections were blocked. The resulting numbers show the average share of infected computers in a specific country.

The Top10 countries in which infected computers are located

Position Country * % of individual users’
computers infected **
1 Sudan 69.86%
2 Bangladesh 64.33%
3 Iraq 62.15%
4 Rwanda 57.28%
5 Nepal 55.85%
6 Tanzania 55.11%
7 Afghanistan 54.78%
8 Angola 53.63%
9 Uganda 53.48%
10 Oman 53.16%

*Countries in which the number of users of Kaspersky Lab products is below the threshold of 10 thousand were not included in the calculations

**The number of individual users on whose computers local threats were blocked as a percentage of all Kaspersky Lab product users in the country

The Top 10 list of countries where users’ computers are exposed to the highest risk of local infections consists entirely of Asian and African countries. In these regions, the level of IT penetration has been growing exponentially. Unfortunately, users’ levels of security awareness have not advanced similarly, which leads to high numbers of infections – over 50% of all computers were infected. In Sudan, which is at the top of the list, malware was detected on two out of every three computers connected to KSN. Incidentally, that country also occupies 10th place on the list of countries with the most computers infected via the Internet.

As for local infections, all countries can be grouped according to their infection rates.

The group at maximum risk of local infection consists of Sudan, Bangladesh and Iraq, each with over 60% of computers having been infected locally.
The group with a high risk of local infection, between 41- 60%, consists of 48 countries including India, Indonesia, the Philippines, Thailand, Russia, Ukraine and Kazakhstan.
The group with a medium risk of infection, between 21- 40%, consists of 55 countries including China, Brazil, Ecuador, Argentina, Turkey, Spain, Portugal and Poland.
The group with the lowest risk of infection includes 24 countries.

Leave a Reply