By Katherine WalshTrojans have surpassed downloaders as the most common form of malware, but it is becoming increasingly difficult to distinguish different categories of malware, according to new research by X-Force, the vulnerability and threat research arm of IBM Internet Security Systems. In its analysis of 410,000 malware samples collected during 2007–one-third more samples than were collected the year before–X-Force found that Trojans (malware posing as legitimate files) represented the largest category, with 26 percent of all malware. This is in contrast to 2006, when downloaders (which exist to install more sophisticated pieces of malware) were the most common category, followed closely by Trojans and worms.This year, worms comprised the second largest category of malware, with 16 percent, but still fell far behind Trojans. The number of downloaders has decreased significantly from 2006 levels. However, even as researchers presented a breakdown of malware types that adds up to 100 percent, they noted that it is increasingly difficult to distinguish one category from another. Malicious coders are combining successful techniques from different types of attacks, the report said, calling modern malware “the digital equivalent of the Swiss Army knife.” For example, X-Force lists separate but small categories for rootkits, keyloggers and spyware, which spread through many of the techniques called out in other, larger categories.The most frequently occurring Internet malware in 2007 was Trojan.Win32.Agent: 26, which accounted for 24 percent of all Trojans. The most common worm was the Net-Worm.Win32Allaple, a family of polymorphic worm that propagates by exploiting Windows vulnerabilities. Frequency breakdown of various types of malware: Trojans: 26 percentWorm: 16 percentAdware: 14 percentVirus: 12 percentDownloader: 10 percent Password stealer: 6 percentDialer: 6 percentBackdoor: 6 percentOther: 4 percent Keylogger: 0.357 percentRootkit: 0.277 percentSpyware: 0.075 percentThe full report is available as a PDF from IBM’s website.Associate Staff Writer Katherine Walsh can be reached at kwalsh@cxo.com.—The comment field below does not work. Please send your feedback directly to the author. Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills Careers Security news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe