According to the report, the overall number of infected computers (page 10) used in the sample decreased compared to previous quarters, however, 48.35% of the 22,754,847 scanned computers remain infected with malware.
And despite that the crimeware/banking trojans infections slightly decreased from Q2, over a million and a half computers were infected.
More details:
"Though the scanning system checks for many different kinds of potentially unwanted software, for this report, Panda Labs has segmented out ‘Downloaders’ and ‘Banking Trojans/Password Stealers’ as they are most often associated with financial crimes such as automated phishing schemes.
The proportion of infected computers detected has decreased for the first time in 2009. In the same way, the proportion of banking Trojans has decreased from a 16.94 percent in Q2 to 15.89 percent in Q3. The proportion of Downloaders has dropped to 8.39 percent from 11.44 percent in Q2 ? but it is still higher than in Q1 (4.22%)."
With the sample itself limited to that of a particular vendor, the remaining over million and a half crimeware infected computers, remain a cause for concern.
Due to its mass adoption, and lack of awareness building on its actual applicability in fighting today's crimeware, two-factor authentication is still perceived as highly effective authentication solution. Otherwise, why would financial institutions keep insisting on its usefulness? Things are thankfully heading in the right direction.
How does this happen, and how are cybercriminals bypassing the phone verification process?
Last month, The American Bankers' Association (ABA) issued a similar warning to small businesses, recommending the use of dedicated PC for their E-banking activities, one which is never used to read email or visit web sites in an attempt to limit the possibility of crimeware infection.
No matter which adaptive approach you'd consider (Time to ditch Windows for online banking and shopping; Live CDs), cybercriminals have clearly adapted to the currently implemented multi-factor authentication processes in place.