Report: 48% of 22 million scanned computers infected with malware

Summary: The recently released APWG report shows that 48% of the 22 million scanned computers are infected with malware. Over a million and a half are infected with crimeware/banker trojans.


The recently released APWG Phishing Activity Trends Report for Q3 of 2009 details record highs in multiple phishing vectors, but also offers an interesting observation on desktop crimeware infections.

According to the report, the overall number of infected computers (page 10) in the sample decreased compared to previous quarters; however, 48.35% of the 22,754,847 scanned computers remain infected with malware.

And although crimeware/banking trojan infections slightly decreased from Q2, over a million and a half computers were infected.

More details:

"Though the scanning system checks for many different kinds of potentially unwanted software, for this report, Panda Labs has segmented out ‘Downloaders’ and ‘Banking Trojans/Password Stealers’ as they are most often associated with financial crimes such as automated phishing schemes.

The proportion of infected computers detected has decreased for the first time in 2009. In the same way, the proportion of banking Trojans has decreased from a 16.94 percent in Q2 to 15.89 percent in Q3. The proportion of Downloaders has dropped to 8.39 percent from 11.44 percent in Q2 - but it is still higher than in Q1 (4.22%)."

With the sample itself limited to that of a particular vendor, the more than a million and a half crimeware-infected computers remain a cause for concern.

Due to its mass adoption, and a lack of awareness-building on its actual applicability in fighting today's crimeware, two-factor authentication is still perceived as a highly effective authentication solution. Otherwise, why would financial institutions keep insisting on its usefulness? Things are thankfully heading in the right direction.

Last month, a Gartner report (now available for free) discussed the problem, and reasonably stated that two-factor authentication, as well as out-of-band communication protocols such as phone verification, fail to protect the customer.

How does this happen, and how are cybercriminals bypassing the phone verification process?

  • Malware sits inside a user's browser and waits for the user to log into a bank. During login, the malware copies the user's ID, password and OTP, sends them to the attacker and stops the browser from sending the login request to the bank's website, telling the user that the service is "temporarily unavailable." The fraudster immediately uses the user ID, password and OTP to log in and drain the user's accounts.
  • Other malware overwrites transactions sent by a user (URLZone Trojan Network) to the online banking website with the criminal's own transactions. This overwrite happens behind the scenes so that the user does not see the revised transaction values. Similarly, many online banks will then communicate back to the user's browser the transaction details that need to be confirmed by the user with an OTP entry, but the malware will change the values seen by the user back to what the user originally entered. This way, neither the user nor the bank realizes that the data sent to the bank has been altered.
  • Authentication that depends on out-of-band authentication using voice telephony is circumvented by a simple technique whereby the fraudster asks the phone carrier to forward the legitimate user's phone calls to the fraudster's phone. The fraudster simply tells the carrier the original phone number is having difficulty and needs the calls forwarded, and the carrier does not sufficiently verify the requestor's identity before executing the fraudster's request.
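
The second case above comes down to the OTP not being tied to what the bank actually received. The following is an added example (not from the Gartner report or this article) that contrasts a login-style OTP with a confirmation code computed over payee and amount on a separate device; the key, function names and sample transactions are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo secret; assumed to live in a separate device the browser cannot read.
DEVICE_KEY = b"constructed-demo-key"


def _code(key: bytes, message: bytes) -> str:
    """Truncate an HMAC-SHA256 to a 6-digit code (simplified, not RFC 4226)."""
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def session_otp(key: bytes, counter: int) -> str:
    """Login-style OTP: depends only on the counter, not on the transaction."""
    return _code(key, counter.to_bytes(8, "big"))


def txn_code(key: bytes, counter: int, payee: str, amount_cents: int) -> str:
    """Confirmation code bound to the payee and amount being approved."""
    details = f"{payee}|{amount_cents}".encode()
    return _code(key, counter.to_bytes(8, "big") + b"|" + details)


def bank_accepts_session_otp(received: dict, otp: str, counter: int) -> bool:
    # The received transaction plays no part in this check.
    return hmac.compare_digest(otp, session_otp(DEVICE_KEY, counter))


def bank_accepts_txn_code(received: dict, code: str, counter: int) -> bool:
    # The bank recomputes the code over what it actually received.
    expected = txn_code(DEVICE_KEY, counter, received["payee"], received["amount_cents"])
    return hmac.compare_digest(code, expected)


# Constructed sample: what the user typed vs. what reached the bank after in-browser tampering.
INTENDED = {"payee": "ACME-UTILITIES", "amount_cents": 12_500}
RECEIVED = {"payee": "UNKNOWN-PAYEE", "amount_cents": 950_000}
COUNTER = 42

# The user computes both codes on the separate device from what they intended.
user_otp = session_otp(DEVICE_KEY, COUNTER)
user_code = txn_code(DEVICE_KEY, COUNTER, INTENDED["payee"], INTENDED["amount_cents"])

if __name__ == "__main__":
    print("session OTP, altered txn:", bank_accepts_session_otp(RECEIVED, user_otp, COUNTER))
    print("bound code, altered txn: ", bank_accepts_txn_code(RECEIVED, user_code, COUNTER))
    print("bound code, intact txn:  ", bank_accepts_txn_code(INTENDED, user_code, COUNTER))
```

The session OTP verifies even though the transaction was altered, while the bound code only verifies when the bank received exactly what the user approved.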

Last month, the American Bankers' Association (ABA) issued a similar warning to small businesses, recommending the use of a dedicated PC for their e-banking activities, one which is never used to read email or visit web sites, in an attempt to limit the possibility of crimeware infection.

No matter which adaptive approach you consider (Time to ditch Windows for online banking and shopping; Live CDs), cybercriminals have clearly adapted to the multi-factor authentication processes currently in place.

Topics: Banking, Malware, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

  • I wonder what percentage ...

    ... of the 48% is Microsoft Windows®? Or what percentage is non-Windows computers.

    "The proportion of infected computers detected has decreased for the first time in 2009. In the same way, the proportion of banking Trojans has decreased from a 16.94 percent in Q2 to 15.89 percent in Q3."

    The decrease in infected computers is due to the fact that folks are leaving Windows for alternatives. You can see the difference on NetApps. Adrian can help you with NetApps.

    PS. Keep using Microsoft Windows at your own peril.

    • 15.89% infected with bank stealing code...

      is a real win, down 1%. Go windows;-)
      Richard Flude
      • Don't laugh!

        Progress is progress. At least something is being done (slightly) less wrongly. This time. For now. According to one source.
    • Actually it's because more are passing up Linux for

      Vista and Windows 7, Instead.

      Sorry, market share doesn't lie, you said so yourself. ;)
      John Zern
      • Actually it does

        This was a study of 22+ million computers, no operating systems listed to verify the numbers because this particular study wasn't interested in which OS is more vulnerable and which was less vulnerable.

        However, both of your comments have brought up the idea of market share so I have no choice but to discuss this aspect of malware.

        Now, since I've seen many many times the argument that Linux has less malware due to a lower market share, your own comment that using Windows over Linux is the reason the percentage dropped makes absolutely no sense.

        It actually proves how idiotic your reasoning is (to John Zern). Perhaps if you'd tried to argue that using Vista or Windows 7 would decrease your chances compared to using Windows XP, then you might have had a point but you didn't.
        • Idiotic is as idiotic sounds...

          Amazing how some people just can't seem to see the forest because all those trees keep getting in the way. Is Windows Vista/7 usage a reason for the lower numbers? Of course. Is the adoption of non-Microsoft operating systems another reason for the lower numbers? Again, of course. You both need to take off your "Windows/Linux is the greatest thing in the world and everything else sucks" hat and join the rest of us in the real world. By the way, his comment on market share is spot on and it's too bad you had to jump to calling it "idiotic reasoning" because you lack understanding. Using the market share line of reasoning, Linux isn't likely to garner a larger market share of exploits than Windows until it garners a larger market share of computers. This is, of course, a generality and like all generalities may be proven wrong when the facts catch up. Until then, speculation and generalities are all that's left and as long as they are based on logic and sound reasoning calling them "idiotic" is akin to the pot calling the kettle black.
          • I have a MacBook Pro...

            and I'm NOT infected... 100% sure.
          • I have Windows 7 Ultimate 64 bit

            I have Windows 7 Ultimate 64 bit and I am 100% clean as well. I have not had malware ever since I moved from IE 6 to IE 7 after the security updates, and that was advertising malware, adware. And also I've never had a virus, not 1, and all I've ever used was Windows.
          • yep

            they must have scanned mostly 3rd world computers running outdated OS and software. win 7 is nearly immune if you have a good firewall and keep it and your software updated within reason, ios and Linux are a block of Swiss cheese in comparison (lacking firewalls, and years of "war" testing), market share is the real determinant in number of viruses on the market.
          • Right on!

            If there are a thousand houses in one town, with 1000 people trying to break into them, that perfectly explains a larger % of them being broken into than another town with only 100 houses and 100 people trying to break into them. Nothing idiotic about that reasoning at all. Go Windows!

            P.S., this.
            Lots of it.
          • your houses exist in the same location

            those 100 people in your second town are going to attack the 1000 houses over the 100 houses, they exist in the same location so a little more work can make them 900 houses more income.
          • On market share

            There's been plenty of logic and sound reasoning put into this - None of it points to your conclusions on market share.


            Netcraft shows Apache to be the market share leader for Web servers. Yet, which web servers are hacked more? Hint: Not the market share leader.

            The level of malware as it relates to market share has been refuted over and over.



          • After reading those 3 links you posted you get a more accurate

            and less biased report on what's really going on in the market place than from all the FUD/TROLLing spewed daily to the contrary here on ZDNet. Thanks for posting the links.
            Over and Out
    • I wonder what percentage...

      ...are netbooks sold with XP and IE6 in the last year or two.
    • get a clue

      the fact of the matter is that 7 is out of the box the most secure os that microsoft has ever released. the fact of the matter is if you really know what you are doing on a computer no matter what os you are running you can keep from getting infected. please do not speak if you do not know what you are talking about.
      • My answer to gossett001

        According to data collected from w3schools' log files over a period of five years, you can extract the long and medium-term trends of operating system usage.

        Windows XP is the most popular operating system. The Windows family counts for about 90%.

        As of February 2010, the following are the OS usage numbers supplied by

        Win 7 13.0%
        Vista 14.4%
        Win2003 1.4%
        WinXP 58.4%
        W2000 0.6%
        Linux 4.6%
        Mac 7.1%

        Now I don't know if these are US numbers only or worldwide. I suspect US only and are surely close to actual usage per OS.

        The APWG Phishing Activity Trends Report for Q3 of 2009 is based on a sample of 22,754,847 computers. With such an enormous sample, one can confidently conclude that the OS used are quite similar to statistics.

        When I read the following post from ggossett001 - "get a clue": "the fact of the matter is that 7 is out of the box the most secure os that microsoft has ever released. the fact of the matter is if you really know what you are doing on a computer no matter what os you are running you can keep from getting infected. please do not speak if you do not know what you are talking about".

        I wonder if he is talking only for computer savvy people like, I suspect, a lot of the posters here are.

        I have been using Macs since 1985, PCs for roughly 15 years and have tried Ubuntu for a couple of years but have dropped it last fall. Macs are legendary for ease of use. Windows is like driving a car where everyone must be a mechanic to drive it in order to make it really safe. In Linux's case, you need to be a mechanic, an engineer and an architect. Linux is still not user-friendly and might never be. Too bad, but Linux, being a UNIX system, is much safer than Windows.

        What I gather from ggossett001's comments is that people need to service their computers almost like pros. Unfortunately that is not the case for the great majority of computer users. Thus, the problems cited in the present article.

        To fix the problem, companies like Microsoft and Apple need to make their OSs more secure and less prone to attacks. It is the case with Mac OS X. People don't use anti-virus software and don't get attacked like Windows people do. And this is not security through obscurity. That's too much of an easy excuse. We will see this in a couple of years because Mac usage is on the rise, has been for the last couple of years and users are not more affected by security problems that are frequent for Windows users.
    • I wonder what percentage ...

      ... of the infected machines were XP boxes on which the primary user is an admin, haven't run Windows Update recently, haven't run Microsoft's Malicious Software Removal Tool, don't run anti-malware.

      And I wonder how many of the infested Vista machines had turned off UAC in addition to the questions above.

      I am guessing that the VAST majority of infested machines were poorly managed XP boxes whose users were not even practicing the most basic PC hygiene.
    • Wrong way of thinking about it

      I'm not interested in finding out how many
      infected computers run X. I am interested in
      knowing what fraction of the computers with X
      are infected.

      Of the Windows XP computers, what fraction were
      infected? Same question for Ubuntu, OS/X and
      Windows 7.

      That would help you know which platform is your
      best bet for staying clean.
      • Agreed

    • I don't think you're right. . . .

      It's more than likely a shift from older windows versions (XP or earlier) to Windows 7.