The last time I wrote about the threat landscape in the Republic of Korea, its malware infection rate had increased six-fold in the first six months of 2012. Korea has had one of the most active threat landscapes in the world for many years. According to the latest data published in the Microsoft Security Intelligence Report Volume 14, the last half of 2012 was no different. Figure 1 provides the raw number of systems that were disinfected in Korea and other relatively active locations in each of the four quarters of 2012.
The number of systems disinfected of malware in Korea for every 1,000 systems scanned there by the Microsoft Windows Malicious Software Removal Tool (MSRT) went down from 70.4 in the second quarter of 2012 (2Q12) to 27.5 in the third quarter (3Q12), then up to 93.0 in the fourth quarter (4Q12). During this time, Korea's malware infection rate has trended between 5 and 15.5 times higher than the worldwide average. Korea had the highest malware infection rate in the world in Q4 2012 with a Computers Cleaned per Mille (CCM) measure of 93.0; this is the highest malware infection rate ever published in the Microsoft Security Intelligence Report.
Korea's malware infection rate is significantly higher than that of any other location in Asia. For example, while Korea's malware infection rate has been one of the highest in the world for some time, Japan's infection rate has been one of the lowest - I have written about this interesting contrast before. Pakistan had the highest malware infection rate in the world in Q3 2012 at 30.6, when Korea's infection rate dropped to 27.5. Pakistan ranked second in Q4 2012 with a CCM of 26.8 when Korea's infection rate increased to 93.0. In Q4 2012, Korea's infection rate was 3.5 times higher than Pakistan's.
The good news for Korea is that there really are just two families of malware that are responsible for this very high malware infection rate. As seen in Figure 4, Miscellaneous Trojans are found on over 70 percent of systems in Korea that are infected with malware.
One Miscellaneous Trojan family called Win32/Onescan is the malware primarily responsible for the consistently high malware infection rate in Korea. It was found on 70.6 percent of systems that were infected with malware in Korea in 4Q12. Other names that various anti-virus vendors use for this same threat include Siren114, EnPrivacy, PC Trouble, and My Vaccine, among others. Win32/Onescan is a family of rogue scanner programs that claim to scan for malware but display fake warnings of malicious files. The rogue security software then informs the user that payment is needed to register the software and remove these non-existent threats. This threat is distributed via Korean websites.