Almost three quarters of all requests for analysis to Kaspersky’s Threat Intelligence Portal were for trojans, backdoors, and droppers.
Organizations and individuals must grapple with a variety of cyberthreats and malware from phishing attacks to ransomware to viruses to trojans and more. One free resource that can identify and analyze potential threats is Kaspersky’s Threat Intelligence Portal. By entering a hash, IP address, domain, or URL, users can find information on the associated website or file to determine whether it’s malicious. Among all the requests entered at this portal, almost 75% were for just three categories, according to a Thursday report from Kaspersky.
SEE: Security Awareness and Training policy (TechRepublic Premium)
Looking at the free requests to its portal, Kaspersky found that 72% were for trojans, backdoors and trojan-droppers. Drilling down further, the research identified trojans as the most common type at 25%, followed by backdoors at 24% and trojan-droppers at 23%. Other types of malware that have been identified at the portal are ransomware, adware, spyware, and downloaders.
A trojan is a type of malware that masquerades as a legitimate program to trick the recipient into running it. Once activated, a trojan can spy on your activities, steal sensitive data, and set up backdoor access to your machine.
A backdoor is a specific type of trojan that aims to infect a system without the knowledge of the user. After the infection, a backdoor can remotely take over the machine to execute programs, delete data, and steal confidential files.
A trojan-dropper is a program that surreptitiously installs additional malware onto a system.
The types of malware observed by Kaspersky at its portal are the ones researchers most often investigate, but they’re not necessarily the most common types aimed at organizations and blocked by security products. Trojans are typically the most widespread type of malware, however, backdoors and trojan-droppers are not as common as they account for only 7% and 3%, respectively, of all malicious files blocked by Kaspersky.
The disparity between malware most frequently submitted for analysis and malware most frequently blocked by security software can be explained by one key factor. Researchers are usually interested in the final target of a cyberattack, while security products aim to prevent such attacks at an early stage. As one example, effective security software won’t allow a user to open a malicious email attachment or browse to a malicious link, thereby stopping a backdoor from reaching a computer.
Further, many of the requests sent to Kaspersky’s Threat Intelligence Portal were seeking information about Emotet. Other requests wanted details on backdoors for Linux and Android. In this case, the malware identified was of interest to security researchers. But the threat level is low compared with malware that targets Windows. As another example, viruses are a common threat, yet they account for a low percentage of the requests sent to the portal.
“We have noticed that the number of free requests to the Kaspersky Threat Intelligence Portal to check viruses, or pieces of code that insert themselves in over other programs, is less than 1%, but it is traditionally among the most widespread threats detected by endpoint solutions,” Denis Parinov, Kaspersky’s acting head of threats monitoring and heuristic detection, said in a press release. “This threat self-replicates and implements its code into other files, which may lead to the appearance of a large number of malicious files on an infected system. As we can see, viruses are rarely of interest to researchers, most likely because they lack novelty compared to other threats.”