More malware means good news in security fight

While the volume of malware threats has spiked recently, one expert believes that this is a good sign, with cybercriminals having to resort to increasingly desperate measures to get a result.

A security report released today has shown that a new Trojan horse, PDFex, has crashed into the top three e-mail-based malware threats in the last month, after a spam campaign involving a mass-mailed PDF with links to malicious content.

"It's an interesting vulnerability," said Paul Ducklin, head of technology at security firm Sophos, who believes that PDF spam reflects a trend among cybercriminals to use increasingly sophisticated techniques to target users: in this case relying on social engineering rather than technical vulnerabilities.

"PDF has a little bit more prestige for users ... people trust this file type more than others," he said.

Ducklin suggested that the fact that cybercriminals have been forced into taking steps like these is good evidence that security has improved, despite drastic increases in the overall volume of threats online.

"What we've got here is a bit of a paradox," he said. "The yield rates are a lot lower than what they used to be so cybercriminals have to try a lot harder."

"For one thing this means that they've had to cast their nets wider and pump out a vast amount more than they once had to," said Ducklin.

"Secondly, it means they've had to employ increasingly complicated tactics to expose people, such as this PDF Trojan, which relies first on a user opening the file, then clicking on a link that redirects them to malicious content, where they then have to choose to download the file," he said. "The fact that it sounds complicated can be taken as a sign that we're beginning to do very well."

According to Ducklin, the security built into most current operating systems is now sufficient to prevent many typical threats.

The report also indicated that Web-based attacks still pose a significant threat, with Mal/Iframe being responsible for almost seven out of 10 infections found on the Web.

The report cited figures showing that an average of 5,200 newly compromised Web pages hosting malicious code were detected each day.


Talkback 1 comments

    irony Anonymous -- 12/11/07

    Looking at the Sponsored ads below, all I can think of is how ironic they are.
    I've only heard of pcpitstop. The other anti virus and anti spyware ads link either to a highly advertised pretty much worthless anti virus (macrovirus) or a page of alleged antispyware comparisons. I don't recognize any of those names mentioned there.
