Trojans, backdoors and droppers, oh my: These are the top three malware types being analyzed by threat intelligence teams, according to statistics out on Thursday.
According to anonymized statistics from requests to the Kaspersky Threat Intelligence Portal, almost three quarters (72 percent) of the analyzed malicious files fell into those three categories. The portal is a resource where users can submit a hash, IP address, domain or URL to find out whether it’s malicious.
“Malicious activity detection is the first step in an attack investigation,” Kaspersky explained in its report. “To develop response and remediation measures, security analysts need to identify the target of attack, the origin of a malicious object, its popularity etc.”
The malicious objects processed by the portal turned out to be most often associated with trojans. These booby-trapped software threats accounted for a quarter (25 percent) of the submissions.
Backdoors, which offer cyberattackers persistent remote access to devices or networks, accounted for nearly a quarter – 24 percent. And finally, trojan-droppers, which are first-stage malware samples that initially land on a victim’s machine before fetching a main payload, accounted for 23 percent.
These do not, however, line up with the most common types of malware in circulation today.
“Trojans are usually the most widespread type of malware,” said the firm. “However, backdoors and trojan-droppers are not as common, only making up 7 percent and 3 percent of all malicious files blocked by Kaspersky endpoint products.” It added, “a number of requests were related to backdoors on the Linux and Android operating systems. Such malware families are of interest for security researchers, but their levels are relatively low in comparison to threats targeting Microsoft Windows.”
This difference between analyst interest and threat prevalence can be explained by the fact that researchers are often interested in the final target of the attack, while endpoint protection products are seeking to prevent it at an early stage, noted Kaspersky.
“For example, endpoint protection doesn’t allow an end user to open a malicious email or follow a malicious link, preventing backdoors from reaching the user’s computer,” according to the writeup.
News media coverage also appears to drive submissions to the portal, Kaspersky added. For instance, Emotet is a popular search in the portal, most likely because of a rash of reports about its capabilities in the first part of the year.
And, some common threats are simply already well-known.
“We have noticed that the number of free requests to the Kaspersky Threat Intelligence Portal to check viruses, or pieces of code that insert themselves into other programs, is less than 1 percent, but it is traditionally among the most widespread threats detected by endpoint solutions,” said Denis Parinov, acting head of threats monitoring and heuristic detection, in a media statement. “This threat self-replicates and implements its code into other files, which may lead to the appearance of a large number of malicious files on an infected system. As we can see, viruses are rarely of interest to researchers, most likely because they lack novelty compared to other threats.”