For the last half of 2011, based on their CCM (Computers Cleaned per Mille), i.e., the number of computers cleaned for every 1,000 executions of Microsoft’s MSRT (Malicious Software Removal Tool), the European Union countries with the greatest increases in malware infection were Austria, Germany, Italy and The Netherlands.
According to Microsoft’s Tim Rains, four families of threats contributed to the steep rise in the malware infection rates: Win32/EyeStye, Win32/Zbot (also known as Zeus), Win32/Keygen, and Blacole.
Rains says, “Threat detections in Germany increased 30.4 percent from 3Q11 to 4Q11, primarily because of significantly increased detections of Win32/EyeStye, a family of Trojans that attempt to steal sensitive data and send it to an attacker.
“Detection signatures for EyeStye were added to the MSRT in October 2011. In the first ten days more than half the EyeStye infections detected and removed by the MSRT worldwide were in Germany.
“Win32/Zbot and Win32/Banker, two data stealing Trojans known to target users of online banking services (were) also on the top 10 list of threats found in Germany….This means that at least three of the top 10 threats in Germany (were) associated with bank fraud in the past – a combination rarely seen in EU member states.”
Germany had increased detections of the exploit family Blacole, which contributed to sharp increases in vulnerability exploit attempts worldwide, and Win32/Keygen, a tool that generates keys for illegally-obtained versions of software products.
Taken together, Germany had a 230% increase in its infection rate in just ninety days from 3Q11 to 4Q11, pushing it from below the worldwide malware infection rate to well above it.
Michael Kranawetter, Microsoft Germany’s Chief Security Advisor, observed, “It seems like malware distributers have discovered Germany as a promising target market finally. Maybe the economic situation in Europe might drive the criminal minded to countries with alleged better financial conditions – where they might steal more money using Trojans – or people are not as cautious as in the past and do “click more”. But the reason why is not the most important thing, it is essential to understand that cybercrime is a topic and that it will increase every day because it works. Taking those results into account it is an imperative to do more educational work an all levels, for vendors, for companies and for consumers. Security is important for the economy of the Internet. (Without security, people will become more reluctant) to use this great technology.”
A colleague of Kranawetter, Christian Wiesener, Microsoft Austria’s Chief Security Advisor, offered, “Austria is a small country with 8.39 million people. Seventy-eight percent of Austrian Households own a computer and 75% have Internet access….. More than 58% of the Austrians like online shopping…and around 54% (use) the Internet for their banking….
“(Recently) Austrian Banks (faced) a lot of phishing attacks. The banks deployed several countermeasures … like the mobileTAN procedure (MobileTANs are sent to customers’ mobile phones every time they sign onto to their accounts.).”
Wiesener said countermeasures and the awareness raised against phishing attacks made Austria less attractive to cybercriminals. However, he thought it was just a matter of time before Austria, which has one of the healthiest economies in the EU, will again become the focus of cybercrooks.