


by Dave Gradijan

Numbers | The ‘Swiss Army Knife’ That is Modern Malware

Mar 05, 2008 | 2 mins
Build Automation | CSO and CISO

By Katherine Walsh

Trojans have surpassed downloaders as the most common form of malware, but it is becoming increasingly difficult to distinguish different categories of malware, according to new research by X-Force, the vulnerability and threat research arm of IBM Internet Security Systems.

In its analysis of 410,000 malware samples collected during 2007 (one-third more samples than were collected the year before), X-Force found that Trojans (malware posing as legitimate files) represented the largest category, with 26 percent of all malware. This is in contrast to 2006, when downloaders (which exist to install more sophisticated pieces of malware) were the most common category, followed closely by Trojans and worms.

This year, worms comprised the second largest category of malware, with 16 percent, but still fell far behind Trojans. The number of downloaders has decreased significantly from 2006 levels.

However, even as researchers presented a breakdown of malware types that adds up to 100 percent, they noted that it is increasingly difficult to distinguish one category from another. Malicious coders are combining successful techniques from different types of attacks, the report said, calling modern malware “the digital equivalent of the Swiss Army knife.” For example, X-Force lists separate but small categories for rootkits, keyloggers and spyware, which spread through many of the techniques called out in other, larger categories.

The most frequently occurring Internet malware in 2007 was Trojan.Win32.Agent: 26, which accounted for 24 percent of all Trojans. The most common worm was Net-Worm.Win32.Allaple, a family of polymorphic worms that propagates by exploiting Windows vulnerabilities.

Frequency breakdown of various types of malware:

Trojans: 26 percent

Worm: 16 percent

Adware: 14 percent

Virus: 12 percent

Downloader: 10 percent

Password stealer: 6 percent

Dialer: 6 percent

Backdoor: 6 percent

Other: 4 percent

Keylogger: 0.357 percent

Rootkit: 0.277 percent

Spyware: 0.075 percent

The full report is available as a PDF from IBM’s website.

Associate Staff Writer Katherine Walsh can be reached at
