IT security firm Kaspersky Lab has delivered its latest monthly report (July 2011), about malicious activity on Kaspersky Lab product users’ computers and on the internet. Through this report the company provides a breakdown of the web security situation compared to the previous month (June).

Trojan’s Mobile versions

As protection of online banking security continues to develop, cybercriminals are increasingly supplementing spy Trojans operating on users’ computers, with mobile modules so they have a better chance of stealing money from the victims’ bank accounts.

A new version of the mobile spy Trojan ZitMo was detected in July, which is capable of stealing mTAN codes, one-time passwords used when performing a remote transaction and sent to the bank customer via SMS. The mobile version of the notorious ZeuS Trojan has already been detected running on Symbian, Windows Mobile and BlackBerry platforms and now it has also added Android devices to its list.

If a user’s computer is infected with ZeuS, and the mobile phone is infected with ZitMo, the cybercriminals gain access to the victim’s bank account and can intercept the one-time transaction password sent by the bank to the user. In this case, even authentication using mTAN codes cannot prevent the victim’s money from being stolen from their bank account.

Forbidden domain

It’s not only anti-virus vendors who are giving cybercriminals a hard time. Last month Google excluded over 11 million URLs with *.co.cc addresses from its search results. The ‘blocked’ domain zone is among the largest globally, ranking fourth after .com, .de and .net in terms of registered domain names. In most cases the domain’s URLs are used by cybercriminals to spread rogue anti-virus programs or conduct drive-by attacks. According to Kaspersky however, it is difficult to say how successful Google’s campaign has been - there are indeed fewer cybercriminals using the .co.cc domains, but they have merely started using the services of other domain zone registrars.

Flying phish

In July, the experts at Kaspersky Lab uncovered an interesting development -  Brazilian phishers have started stealing the ‘miles’ accrued by frequent flyers. Not only are they using them to buy tickets but also as a form of currency. In one IRC message, a cybercriminal was selling access to a Brazilian botnet that sends spam in exchange for 60 000 miles, while in another message air miles were offered for stolen credit cards.

Malware rating

Drive-by-download attacks remain one of the most popular methods of infecting users’ computers with malicious programs. Every month new entries that facilitate such attacks – redirectors, script downloaders and exploits – appear in the Top 20 malicious programs on the internet. There was a total of 11 in July.

More detailed information about the IT threats detected by Kaspersky Lab on the internet and on users' computers in July 2011, is available from the company’s website.  

The following statistics were compiled in July using data from computers running Kaspersky Lab products:

•     182 045 667 network attacks blocked

•        75 604 730 attempted web-borne infections prevented

•        221 278 929 malicious programs detected and neutralised on users’ computers

•     94 004 507 heuristic verdicts registered.

In related news Kaspersky Lab also recently announced that it aims to stress the importance of proactive security measures, which businesses operating in East Africa need to understand and implement for future success, during the recently held IDC IT Security Roadshow in Kenya.