Amongst political turmoil, Indonesia and the Philippines are now one of the world’s major hotspots for malware infection rates, according to Comodo Threat Research Labs Q2 2017 report.
The report says that the two countries, alongside Russia, were the top locations for worm infections.
The Phillippines felt the brunt of the Brontok Worm, and Comodo says in Q2 worms are now the #2 malware threat based on its total number of detections.
The company says that worms spread worldwide and go after easy targets. They mostly take advantage of older, unpatched and unlicensed software.
Worms tend to do better in countries where the political or economic shape, so worms ‘are an indicator of other types of non-cyber compromise’, the company says.
“Given the nature of worms, what this means is that many networks in these countries do not have nearly enough licensed, patched and professionally managed hardware and software. Part of this problem, of course, is non-cyber and may take years to rectify,” the report says.
Trojans dominate the threat landscape in Australia, Japan and Korea. Upatre was the most common Trojan detection for Q2. Microsoft labelled the Windows-based Trojan as ‘severe’. The Trojan is often attached to spam from the Cutwail botnet and will then try to download Zbot or password-stealing malware Win32/Dyzap.
Viruses were the third most common malware detection type. While not quite as many variations of viruses as were worms, viruses still infected more computers.
The most common virus was Ramnit, which Microsoft says is a ‘severe’ threat to Windows systems. The main Asia-based detection locations included Indonesia, the Philippines and China.
It spreads via executable files such as .exe or .dll files, or removable drives. The virus aims to steal sensitive data, disable security software and make changes to Windows registry settings.
The report says that other viruses such as Sality mainly infected Thailand, and other viruses such as Parite targeted individual countries – in this case, Portugal.
Backdoors were the fourth most common infection type. While it has a smaller family size, Comodo says it is a highly complex malware type. DarkKomet remains dominant, however Rbot was spotted infecting Singapore.
The report also says that attackers are looking towards online services and IT providers because attacks there will have ripple effects elsewhere.
“By compromising the software that is used by millions of users around the world, attackers can increase the number and variety of victims to a virtually unlimited number. Today, nearly all financial transactions are accomplished via digital means and even critical infrastructures are managed remotely by information technology,” the report concludes.