Kaspersky Lab, a developer of secure content management solutions, announced at Gitex Technology Week, being held at the Dubai World Trade Center from the 14th until the 18th of October, that the UAE tops the Middle East in the number of malicious programmes, while Egypt leads in malware infections detected on hard drives and removable media.
We counted the average number of malicious programs that were detected and blocked per user of Kaspersky Security Network (KSN) in these countries in the third quarter of 2012. It turned out that we blocked or removed about 17 malicious programs per active KSN user. This is twice the average for North America. In the UAE and Oman we found 22 and 18 malicious programs per KSN user, respectively. The lowest value in the region is in Kuwait, where we blocked 11 malicious objects per user.
The second very important factor is how malicious or unwanted programs infiltrate users' computers in GCC countries. To find out, we analyzed how often our products detected or blocked a malicious program on users' machines while the user was surfing the internet, inserting removable media, or just scanning his or her hard drive. So we have two main attack vectors: web and mail, and local networks plus file and removable-drive infectors.
The average share of internet users attacked in the GCC during the third quarter of 2012 was 24.4%. This means that every fourth user in the GCC faced malware while surfing the internet! Oman, Qatar and the United Arab Emirates have above-average values. Saudi Arabia is in the middle with 24.4%, which corresponds to 81st position in the global ranking of countries on this indicator and 4th among the GCC countries.
In the case of infections detected on computer hard drives and removable media (flash drives), the figure for the GCC is much higher than for the internet: 37.5%. The highest values are in Egypt (46%) and Oman (43.5%), which means we found something malicious on practically every second hard drive or removable device, such as a USB flash drive, in these countries.
When it comes to self-propagating malware that needs no user interaction, the main factor is the number of well-protected computers in the country. There are still a lot of computers with outdated software in the GCC region, and computers with no antivirus installed, and this is just the perfect environment for self-propagating malware, which is really widespread here.
Now let’s take a look at how malware spreads in GCC countries and Egypt. While surfing the internet, most users faced malware either when searching for some kind of pirated content (cybercriminals use these resources to spread malware) or while visiting hacked websites.
In both cases cybercriminals use some kind of automatic redirection to an exploit pack. Exploit packs are very commonly used in today’s drive-by attacks. An exploit pack is a set of programs that exploit vulnerabilities in legitimate software running on the victim's machine. In other words, the exploits open a sort of back door via which malicious programs can infect the computer. Since attacks on the web take place through the browser, cybercriminals need to exploit vulnerabilities in the browser, in browser add-ons (Flash Player), or in third-party software (Java, Acrobat Reader) which is used by the browser to process content. The main purpose of exploit packs is to download and launch malicious executable files without the user noticing.
On users' computers in these countries we have detected a lot of self-replicating threats like Net-worm.Win32.Kido, Virus.Win32.Sality, Worm.Win32.Mabezat and several Trojan-downloaders. All such threats form huge botnets that are used for "delivering" different kinds of malware to users’ computers. Most likely these would be Trojan-Banker programs that are designed to steal user account data relating to online banking systems, e-payment systems and plastic card systems. The data is then transmitted to the malicious user controlling the Trojan. Such botnets also deliver spam, DDoS and proxy bots that are used by cybercriminals to send spam, organize DDoS attacks and hide their activity.
As we can see, most attacks nowadays are launched using exploits that take advantage of software errors. Which apps are most susceptible to exploits in GCC countries and Egypt? The answer is illustrated in the pie chart below: Java, Adobe Acrobat Reader, Adobe Flash, Android OS and Windows.
Users should install updates for these programs or, better yet, allow automatic updates for them. A more effective way to defend against exploits is to use a modern internet security solution that has an automatic exploit protection system.