redsocks malware trend report - q3 2014


Upload: niels-groeneveld

Post on 11-Jul-2015


Page 1: RedSocks Malware Trend Report - Q3 2014

Copyright RedSocks B.V. © 2014. All Rights Reserved.

Malware Threat Defender

Malware Trend Report, Q3 2014

July | August | September

October 13th 2014

Page 2: RedSocks Malware Trend Report - Q3 2014

Malware Trend Report, 3rd Quarter 2014

Page 1 of 24

Table of Contents

1. Introduction (page 2)
2. Overview (page 3)
2.1. Collecting Malware (page 4)
2.2. Processing (page 4)
2.3. Identifying Malware (page 5)
2.4. Detecting Malware (page 5)
2.5. Classifying Malware (page 8)
3. Trends (page 9)
3.1. Adware (page 9)
3.2. Backdoors and Botnets (page 11)
3.3. Exploits (page 12)
3.4. Rootkits (page 13)
3.5. Trojans (page 15)
3.6. Worms (page 16)
3.7. 64-bit Malware (page 17)
3.8. Others (page 19)
4. Geolocation (page 20)
5. Final Word (page 23)
Appendix (page 24)
A. Detecting Malware (page 24)
B. Classifying Malware (page 25)


1. Introduction

This is the third quarterly trend report for 2014 from the RedSocks Malware Research Lab. RedSocks is a Dutch company specialising in Malware detection. Our solution, RedSocks Malware Threat Defender, is a network appliance that analyses digital traffic flows in real time, based on algorithms and lists of malicious indicators. This critical information is compiled by the RedSocks Malware Intelligence Team. The team consists of specialists whose job it is to identify new threats on the Internet and to translate them into state-of-the-art malware detection capabilities.

With this report, we hope to provide the reader with a deeper insight into the trends we see in the Malware we process. We will look at data collected during the third quarter of 2014. RedSocks analyses large numbers of malicious files on a daily basis; therefore we can cover only a few topics briefly in this trend report.

Protecting your data from Internet-based threats is not an easy task, and relying on protection from Anti-Virus companies, no matter how established their brand, is not enough. Comprehensive protection requires an entirely new approach.


2. Overview

The total number of new and unique malicious files processed per month went from 8.7 million in July to 7.4 million in August, and down to 6.6 million in September.

The overall detection by Anti-Virus software this quarter remains roughly the same as in the last quarter. The detection rate for July was 75.78 percent; for August it was 77.50 percent, and in September the average detection was 80.06 percent. That might not sound too bad, but it means that around 24 percent, 23 percent and 20 percent respectively went undetected. There is a slight improvement compared with the second quarter. Please note that identification rates can change depending on the samples chosen and the time of scanning.

During the third quarter, the number of identified Adware dropped from 1.2 million in July and August to 0.9 million in September.

The drop in the number of identified Backdoors and Botnets reported in our Second Quarter Malware Trend Report has come to an end. In July the number dropped to 53.000; in August it increased to 117.000, and in September it increased further to 140.000 new Backdoors and Botnets.

In July, only 0.03 percent of the files were detected as Exploit and 0.05 percent as Rootkit by Anti-Virus software. In August, 0.03 percent were detected as Rootkits and 0.09 percent as Exploits. For September it is 0.04 percent Exploits and 0.02 percent Rootkits.

As in the first and second quarter of this year, Trojans are by far the most popular type of Malware. In July and August they accounted for 3.1 and 3.2 million files; in September, 2.5 million unique files were identified as Trojans.

In July, 690.000 Worm files were identified. In August the number dropped to 381.000, and in September 463.000 Worms were added to our databases.

Grouped together, all other malicious files such as Flooders, HackTools, Spoofers, Spyware, Viruses, etc., make up 39, 33 and 38 percent of the total for July, August and September, respectively.

As in the first quarter, most Command & Control (C&C) servers were hosted in the United States, followed by the Russian Federation. During the second quarter, Germany occupied third place. The Netherlands was the biggest riser among countries hosting C&C servers, going from 8th place in March and April to 6th place in May, and finishing in 5th place in June.


2.1. Collecting Malware

At the RedSocks Malware Research Labs, we track large numbers of Malware from our globally distributed honeypots, honey-clients, spamnets, and through various botnet monitoring sensors. Due to the distribution of our Honeypots, we are able to automatically collect and process new malicious samples from across the globe. We also exchange large quantities of malicious files with the Anti-Virus industry.

2.2. Processing

Working with Malware is what we love to do. More than 200.000 new malicious files arrive every day at our automated Malware collecting machines.

All samples are renamed to their hash value, and we check whether that particular piece of Malware has already been processed.

The picture on the right shows the total amount of disk space needed to store all the new malicious files. While the number of new malicious files stayed more or less the same, the average file size decreased a little. During the second quarter, we saw that malicious files shrank on average by 12.73 percent. During the third quarter, the average file size increased by 118.52 percent.

New file metrics by month | April | May | June | July | August | September
Average number of new files per day | 236.719 | 218.280 | 239.528 | 279.969 | 237.761 | 219.353
Average file size in bytes | 471.319 | 453.797 | 411.308 | 455.027 | 494.817 | 539.299
Average Anti-Virus Detection | 75.52% | 74.61% | 79.76% | 75.78% | 77.50% | 80.06%

Graph: 1

Graph: 2


2.3. Identifying Malware

Although we collect all types and categories of Malware for all operating systems at RedSocks, we do have a special interest in certain types and categories of Malware.

A simple means of identifying malware is by file type. RSMIT uses various analysis tools to determine the statistically most likely file type for each malware sample we analyse. The majority of malware samples target Windows users, which makes Windows executable files very common while executables for other operating systems are far less common.

The top 10 file types are listed in the tables below.

July | | August | | September |
Extension | Amount | Extension | Amount | Extension | Amount
EXE | 7.360.993 | EXE | 6.143.113 | EXE | 5.500.664
DLL | 813.347 | DLL | 827.924 | DLL | 720.834
OCX | 197.634 | SCR | 223.397 | OCX | 141.419
SCR | 134.100 | OCX | 126.126 | SCR | 89.343
AX | 43.450 | AX | 28.134 | AX | 28.805
DOC | 2.926 | PDF | 2.949 | XLS | 5.241
CAB | 2.529 | DOC | 2.113 | DOC | 4.341
PDF | 2.511 | XLS | 1.449 | PDF | 3.498
XLS | 2.197 | CPL | 1.188 | CAB | 1.466
CPL | 1.746 | CAB | 848 | CPL | 1.390

In the second quarter of this year, we saw a total of 47, 37 and 42 different extensions being used by Malware, respectively. As in the previous quarter, .EXE files are by far the most popular way to distribute Malware: 84 percent of all malicious files in the third quarter were .EXE files, an increase of 3 percent compared with the second quarter.
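As an added illustration of the intake steps described in sections 2.2 and 2.3 (this is not code from the report or from RedSocks), the following Python script stores each sample under its SHA-256 digest, skips byte-identical resubmissions, and guesses the file type from magic bytes. It goes slightly beyond the report's extension list: for PE files it also reads the COFF header, so it separates DLLs from EXEs and reports the machine type, which is what distinguishes the 64-bit samples discussed in section 3.7. The PE, PDF and CAB inputs are constructed header-only byte strings, not real files, and all function names are my own.

```python
"""Hash-based sample intake with deduplication and magic-byte file typing."""
import hashlib
import struct
import tempfile
from pathlib import Path

# PE COFF header constants from the PE/COFF specification.
IMAGE_FILE_DLL = 0x2000
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x64"}


def identify_type(data: bytes) -> str:
    """Best-effort file type from magic bytes; PE files also get DLL/EXE and architecture."""
    if data.startswith(b"%PDF-"):
        return "PDF"
    if data.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
        return "OLE2"  # legacy binary DOC/XLS container
    if data.startswith(b"MSCF"):
        return "CAB"
    if data.startswith(b"MZ"):
        if len(data) >= 0x40:
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= e_lfanew + 24:
                machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
                characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
                kind = "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"
                arch = MACHINE_NAMES.get(machine, f"machine-{machine:#x}")
                return f"{kind}/{arch}"
        return "MZ"  # DOS header without a usable PE signature
    return "UNKNOWN"


def ingest(store: Path, data: bytes) -> tuple[str, bool]:
    """Write the sample under its SHA-256 name; return (digest, True) if new, (digest, False) if already stored."""
    digest = hashlib.sha256(data).hexdigest()
    dest = store / digest
    if dest.exists():
        return digest, False
    dest.write_bytes(data)
    return digest, True


def make_fake_pe(machine: int, characteristics: int) -> bytes:
    """Constructed header-only PE: DOS header with e_lfanew=0x40, then signature and COFF header (not runnable code)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


def run_demo() -> dict:
    """Ingest constructed samples (one submitted twice) into a temporary store and summarise."""
    samples = [
        make_fake_pe(0x14C, 0x0102),   # EXECUTABLE_IMAGE | 32BIT_MACHINE: 32-bit EXE
        make_fake_pe(0x8664, 0x2022),  # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE | DLL: 64-bit DLL
        b"%PDF-1.4\n%constructed placeholder, not a real document\n",
        make_fake_pe(0x14C, 0x0102),   # byte-identical resubmission: must be deduplicated
    ]
    summary = {"new": 0, "duplicates": 0, "types": {}}
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp)
        for data in samples:
            digest, is_new = ingest(store, data)
            if not is_new:
                summary["duplicates"] += 1
                continue
            summary["new"] += 1
            kind = identify_type(data)
            summary["types"][kind] = summary["types"].get(kind, 0) + 1
    return summary


if __name__ == "__main__":
    print(run_demo())
```

Naming by hash makes deduplication a single directory lookup and ensures the stored name never comes from the submitter, so a sample's original filename (which may be attacker-chosen) cannot influence where it lands on disk; keep that original name in separate metadata if it is needed. Note that the magic-byte rules cannot tell apart the SCR, OCX, AX and CPL entries in the report's tables: they are all PE files that differ only in extension and intended use.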

2.4. Detecting Malware

Within the RedSocks Malware Labs, we use an in-house built classification system for grouping Malware. We have classified over 300 types, for which we have created detailed statistics. Once multiple anti-virus scanners (in ‘paranoid’ mode) have performed their on-demand scan, we know which Malware was detected and, perhaps more importantly, which was not.

In the graph below, the blue section shows all the new and unique malicious files per day, the green section shows the sum of all files identified by Anti-Virus software and, in red, the number of files not detected.


Graph: 3

Graph: 4


Graph: 5

Of all the malicious files we processed in July, on average 24 percent were not detected by any of the Anti-Virus products we currently use. In August, 22 percent of the samples on average remained undetected. In September the Anti-Virus detection improved, but still missed 20 percent of all malicious samples we processed.

In appendix A, “Detecting Malware”, you will find the detection results per day, per month.
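Appendix A gives the per-day files/detected/undetected counts behind these percentages. As an added example (not part of the report), the following Python parses rows in that format, flags rows whose detected and undetected counts do not add up to the daily total, and computes the detection rate two ways: pooled over all files and as the unweighted mean of the daily rates. The three embedded rows are copied from the July table in appendix A; the code and its helper names are my own.

```python
"""Parse per-day detection rows (appendix A format) and compute detection rates."""
from dataclasses import dataclass
from statistics import mean

# Three rows copied from appendix A (July, days 1-3): day, files/day, detected, undetected.
# Numbers use the report's European thousands separator ("231.215" is 231215).
SAMPLE_ROWS = """\
1 231.215 201.512 29.704
2 260.455 227.561 32.894
3 213.345 182.721 30.624
"""


@dataclass(frozen=True)
class DayRow:
    day: int
    files: int
    detected: int
    undetected: int


def parse_count(token: str) -> int:
    """'231.215' -> 231215; the dot is a thousands separator, not a decimal point."""
    return int(token.replace(".", ""))


def parse_rows(text: str) -> list[DayRow]:
    """Parse 'day files detected undetected' lines; header, totals and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        day, files, detected, undetected = parts
        rows.append(DayRow(int(day), parse_count(files), parse_count(detected), parse_count(undetected)))
    return rows


def consistency_issues(rows: list[DayRow]) -> list[tuple[int, int]]:
    """Days where detected + undetected != files, with the surplus (rounding artefacts show up here)."""
    return [(r.day, r.detected + r.undetected - r.files)
            for r in rows if r.detected + r.undetected != r.files]


def aggregate_rate(rows: list[DayRow]) -> float:
    """Detection rate over the pooled files: sum(detected) / sum(files)."""
    return sum(r.detected for r in rows) / sum(r.files for r in rows)


def mean_daily_rate(rows: list[DayRow]) -> float:
    """Unweighted mean of the per-day rates; differs from aggregate_rate when daily volumes vary."""
    return mean(r.detected / r.files for r in rows)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print(f"pooled rate: {aggregate_rate(rows):.4f}  mean daily rate: {mean_daily_rate(rows):.4f}")
    print("inconsistent rows (day, surplus):", consistency_issues(rows))
```

The two rates differ whenever daily volumes vary, which is one concrete reason behind the report's remark that identification rates depend on the samples chosen. On these three rows the first day's detected and undetected counts exceed its daily total by one, the kind of rounding artefact a consistency check should surface before percentages are published.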

Graph: 6

Graph: 7

Graph: 8


2.5. Classifying Malware

We categorise Malware according to its primary feature. In the second quarter, Malware was grouped as follows:

The 'Other' category in 'All Malware' consists of malicious samples that do not fit into the six categories, such as 64-bit Malware, malicious Macros, Packed Malware, Riskware, Spamming Tools, Spoofers, Spyware, all kinds of (Hacking) Tools, and the ‘classic’ Viruses.

See appendix B for the numbers per day, per category, per month.

Graph: 6 Graph: 5


3. Trends

Discovering Malware propagation trends starts with an analysis of the raw data behind the collection and processing of Malware. From July to September, RedSocks Malware Research Labs identified the following trends by Malware category.

3.1. Adware

During the second quarter, we identified around 3 million files as Adware. During the third quarter, we identified 3.3 million. As in the second quarter, this makes up about 15 percent of the total. The overall popularity of Adware stayed the same.

On the 25th of July, generic variations of “Adware.Graftor.146103”, “Adware.Dropper.101” and “Adware.Dropper.103” were identified in 47.000, 26.000 and 15.000 files respectively.

During the third quarter, 877.000 variations of the “Adware.Dropper” family were found. They can be grouped into seven major versions. Newer versions are clearly not always better or more popular, even allowing for the number of days on which they were active.

Graph: 9


Generic Malware ID | Count | Days active Q3
Adware.Dropper.101 | 394.809 | 92
Adware.Dropper.103 | 305.943 | 92
Adware.Dropper.105 | 24.520 | 17
Adware.Dropper.106 | 3.131 | 17
Adware.Dropper.108 | 144.223 | 61
Adware.Dropper.110 | 4.163 | 41
Adware.Dropper.112 | 53 | 5


3.2. Backdoors and Botnets

Files identified as infected with a Backdoor or having Botnet functions made up 2 percent in the second quarter. A total of 309.000 files were classified in this category in the third quarter, which is 1 percent of the total.

Since May 2014, the distribution of new Backdoors and Botnets and their variations has been low. From the second week of September the numbers are rising again.

On the 23rd of August, 31.000 variations of “Backdoor.Delf.ARS” and 17.000 variations of “Backdoor.Wabot.A” were intercepted.

Graph: 10


3.3. Exploits

An exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability. Looking at malicious files that were identified as exploits, we see quite a few spikes above 250.

In the second quarter, we saw a slight decrease in the overall usage of exploits compared to the first quarter. This trend continues during the third quarter.

Of the 461 major exploit families we identified, one jumps out: “CVE-2010-0188.C”, spread over 56 days with 1.400 unique samples, making it the most popular exploit of this quarter.

Exploit “CVE-2010-0188.C” identifies malicious PDF files downloaded by the Blackhole exploit kit that exploit a known vulnerability in Adobe Reader. To prevent successful exploitation, install the latest updates available for Adobe Reader and/or remove any old, unnecessary installations.

Graph: 11


3.4. Rootkits

A rootkit is a type of software designed to hide the fact that an operating system has been compromised. This can be done in various ways, for example by replacing vital executables or by introducing a new kernel module. Rootkits allow Malware to “hide in plain sight”. Rootkits themselves are not harmful; they are simply used to hide Malware, bots and worms.

To install a rootkit, an attacker must first gain sufficient access to the target operating system. This could be accomplished by using an exploit, by obtaining valid account credentials or through social engineering.

Because rootkits are activated before your operating system boots up, they are very difficult to detect, and therefore provide a powerful way for attackers to access and use the targeted computer without the owner being aware of it. Due to the way rootkits are used and installed, they are notoriously difficult to remove.

Rootkits today are usually not used to gain elevated access, but are instead used to mask Malware payloads more effectively.

Graph: 12


The huge spike on the 10th of August was created by 2.600 different files containing “Rootkit.15158” or a slight modification of it. In the third quarter, a total of 3.498 unique files were identified using this Rootkit. Distribution started on the 1st of August and was last seen on the 29th of September.

Graph: 3

In the first and second quarter, we saw a slight drop in rootkit usage. This drop continued in the third quarter.


3.5. Trojans

Trojans are by far the biggest category of Malware, with more than 9.1 million (43 percent) new unique samples in the second quarter of this year. In the third quarter, 8.8 million files (39 percent) were Trojans.

Of all the Trojan families, we will only discuss the top three. In third place we find “Trojan.Agent.BEFC”, with 188.000 different samples distributed over 64 days. Its best day was the 5th of July, with a little over 14.000. Second place is “Trojan.Agent.BDMJ”, with 259.000 files spread over 89 days; its best day was the 1st of July. Without any doubt, the most distributed Trojan family is “Trojan.Generic.11210422”: in 58 days we counted nearly 271.000 new samples.

AV-Identifier | Total Amount | First Seen | Last Seen | Best Day | Amount Best Day | Days Seen
Trojan.Generic.11210422 | 270.613 | 01-07-14 | 27-08-14 | 29-07-14 | 51.487 | 58
Trojan.Agent.BDMJ | 258.928 | 01-07-14 | 30-09-14 | 01-07-14 | 24.136 | 89
Trojan.Agent.BEFC | 188.099 | 24-07-14 | 28-09-14 | 05-09-14 | 14.074 | 64

During the first and second quarter there was a slight increase in Trojan use. In the third quarter there is a 3 percent drop in Trojan usage.

Graph: 14


3.6. Worms

In roughly 1.8 million new files, we identified worm traces and functionality. The first spike above 100.000, on the 16th of July, is primarily caused by 83.000 samples of “Worm.Generic.510258”. On the 19th of July, 82.000 minor variations of “Win32.Worm.P2p.Picsys.C” were counted. The last spike, on the 13th of September, was again caused by “Worm.Generic.510258”; that day we saw 54.000 files.

The table below lists the top 3 most identified Worm families.

AV-Identifier | Total Amount | First Seen | Last Seen | Best Day | Amount Best Day | Days Seen
Win32.Worm.P2p.Picsys.C | 290.077 | 01-07-14 | 30-09-14 | 19-07-14 | 81.650 | 91
Worm.Generic.510258 | 289.723 | 02-07-14 | 30-09-14 | 16-07-14 | 82.655 | 85
Win32.Worm.VB.NZQ | 110.606 | 02-07-14 | 30-09-14 | 21-07-14 | 32.781 | 85

Members of the peer-to-peer worm “Picsys.C” were, with 54.000 files on the 13th of September, responsible for the last spike.

Compared with the second quarter, a 1.4 percent increase can be observed in Worm usage.

Graph: 15


3.7. 64-bit Malware

In the second quarter of this year, “Expiro” family members, which are able to infect both 32-bit and 64-bit files, ruled the 64-bit malware charts. The third quarter shows a drop in the use of the old “Expiro” and the rise of the second and third generation.

“Expiro” aims to maximise profit and infects executable files on local, removable and network drives. As for the payload, this malware installs extensions for the Google Chrome and Mozilla Firefox browsers. The malware also steals stored certificates and passwords from Internet Explorer, Microsoft Outlook and the FTP client FileZilla. The browser extensions are used to redirect the user to a malicious URL, as well as to hijack confidential information such as account credentials or online banking details. The virus disables some services on the compromised computer, including Windows Defender and Windows Security Center, and can also terminate processes.


Graph 16 shows the distribution of the 33.000 64-bit malware samples intercepted during the third quarter.

Graph: 15


Graph: 16


3.8. Others

After the adware, backdoors/botnets, exploits, rootkits, worms and 64-bit malware, we are still left with 6.4 million identified malicious files. This is 28 percent of the total for this quarter.

In the table below, we have divided the others over 10 categories.

Category | Q3 Count | Q3 % of total | Q3 +/- | Q2 Count | Q2 % of total | Q2 +/-
DOS based | 2.070 | 0.009 % | -0.089 % | 20.566 | 0.098 % | +0.088 %
Encrypted Malware | 10.361 | 0.046 % | -0.011 % | 12.031 | 0.057 % | n/a
Generic Malware | 4.083.268 | 18.043 % | +3.660 % | 3.028.399 | 14.384 % | -0.027 %
Macro based | 9.530 | 0.042 % | -0.024 % | 14.018 | 0.067 % | +0.064 %
Malware Heuristic | 153.411 | 0.678 % | -0.355 % | 217.509 | 1.033 % | +0.096 %
PUP | 2.088.143 | 9.227 % | +0.456 % | 1.846.627 | 8.771 % | +5.746 %
Riskware | 138 | 0.001 % | 0.000 % | 163 | 0.001 % | n/a
Suspicious | 62.181 | 0.275 % | +0.071 % | 42.863 | 0.204 % | -0.181 %
(Hack)Tools | 3.448 | 0.015 % | -0.062 % | 16.343 | 0.078 % | n/a
Windows Viruses | 2.784 | 0.012 % | -0.012 % | 5.080 | 0.024 % | -0.092 %
Total | 6.415.335 | 28.349 % | +3.633 % | 5.203.599 | 24.715 % | +5.829 %

% of total: the share of all malicious files processed in that quarter that fall into the category.

+/-: increase/decrease in percentage compared with the quarter before.

Windows Viruses: so-called Classic Viruses for Microsoft Windows, true file infectors.


4. Geolocation

We can see where the hotspots are located by plotting the Command & Control (C&C) servers with the most traffic and connections on a map. Over the past few months, a number of Malware families targeting Point of Sale (POS) systems got some media attention.

First there was DexterPOS (first map below), then its sister, AlinaPOS (second map below), and more recently JackPOS (third map below). One of the most interesting common threads between these samples is the command and control (C&C) structure they use. Using a C&C communication channel for data exfiltration, while previously rare, has become more and more common in POS Malware.

Map 1 - DexterPOS C&C


Map 2 - AlinaPOS C&C

Map 3 - JackPOS C&C


During the second quarter of 2014, there were only minor changes at the top of the C&C landscape. Below are the top 10 countries for the second quarter of 2014.

Top 10 Countries Hosting C&C

Rank | April | May | June
1 | United States 1274 | United States 1203 | United States 1128
2 | Russian Federation 453 | Russian Federation 474 | Russian Federation 490
3 | Germany 289 | Germany 236 | Germany 257
4 | China 226 | United Kingdom 206 | United Kingdom 200
5 | United Kingdom 213 | China 172 | The Netherlands 184
6 | Iran 185 | The Netherlands 166 | China 182
7 | Turkey 142 | Turkey 138 | Turkey 133
8 | The Netherlands 137 | Korea 123 | Korea 126
9 | Korea 130 | Ukraine 110 | Iran 118
10 | Ukraine 118 | France and Sweden 107 | Ukraine 113

In the third quarter, the United States is still leading, followed by the Russian Federation. Germany was dropping during the first quarter, but held third place during the second quarter.

Top 10 Countries Hosting C&C: July | August | September


5. Final Word

In the second quarter of 2014, the total number of new malicious files processed was 21.1 million. For the third quarter it was 22.6 million, an increase of 7 percent.

The overall detection by Anti-Virus software improved by 1.15 percent compared with the second quarter. Altogether, around 4.9 million malicious files went undetected during the third quarter.

By grouping and classifying the identified Malware, we detected a decrease in popularity in 5 of the 7 main Malware categories during the second quarter. These five categories are Adware, Backdoors/Botnets, Exploits, Rootkits and Trojans. The remaining two categories, Worms and Others, increased.

Category | Total Q3 | % of Total | +/- compared to Q2 | Largest Family | Total number
Adware | 3.317.733 | 14,661 % | -0,011 % | Gen:Variant.Adware.Dropper.101 | 394.809
Backdoors/Botnets | 309.385 | 1,367 % | -0,549 % | Backdoor.Bot.158614 | 77.704
Exploit | 7.109 | 0,031 % | -0,007 % | Exploit:W32/CVE-2010-0188.C | 1.423
Rootkits | 12.928 | 0,057 % | -0,055 % | Rootkit.15158 | 3.498
Trojans | 8.815.922 | 38,956 % | -4,500 % | Trojan.Generic.11210422 | 270.613
Worms | 1.804.149 | 7,972 % | +1,362 % | Win32.Worm.P2p.Picsys.C | 290.077
Others | 8.293.280 | 36,647 % | +3,325 % | Win32.Ramnit.N | 1.425.643

Within the top 10 countries hosting C&C servers, the United States led the second quarter of 2014, followed by the Russian Federation and Germany. In March and April, China held fourth place. In May and June, China dropped two places. While in March the United Kingdom could be found in third place, in April it dropped to fifth place. Nevertheless, in May the United Kingdom climbed to fourth place and stayed there.

The Netherlands was in 8th place at the end of quarter one. In May it climbed to 6th place, and it ends in 5th place in June.

We hope that you enjoyed our third Malware Trend Report of this year, and that it provides you with insight into the trends we have seen during the third quarter of 2014. We continue to innovate, so please check back with us for our next quarterly trend report.

Questions, comments and requests can be directed to the RedSocks Malware Research Labs.

G.J.Vroon

Anti-Malware Behavioural Researcher

RedSocks B.V.

W: www.redsocks.nl

T: +31 (0) 55 36 61 396

E: [email protected]


Appendix

A. Detecting Malware

July August September

Day Files/day Detected Undetected Files/day Detected Undetected Files/day Detected Undetected

1 231.215 201.512 29.704 184.026 158.840 25.187 239.126 201.846 37.279

2 260.455 227.561 32.894 191.338 154.811 36.527 236.601 198.112 38.488

3 213.345 182.721 30.624 222.905 146.697 76.208 165.116 115.851 49.265

4 303.476 262.315 41.161 207.948 133.971 73.977 132.314 116.227 16.087

5 293.655 251.158 42.497 296.223 217.693 78.530 244.459 181.990 62.469

6 251.246 189.897 61.350 223.473 141.493 81.980 220.487 170.210 50.276

7 239.064 166.891 72.173 251.999 204.117 47.883 307.784 244.161 63.624

8 303.854 227.484 76.370 250.537 182.156 68.381 170.997 118.793 52.204

9 231.671 187.356 44.315 274.515 220.228 54.288 196.886 144.982 51.903

10 285.159 129.134 156.025 299.826 266.947 32.878 175.565 54.222 121.343

11 205.410 167.441 37.969 217.804 101.123 116.682 115.433 72.158 43.275

12 199.065 169.470 29.595 290.279 242.213 48.066 187.449 144.766 42.683

13 267.198 228.893 38.304 292.304 259.552 32.752 354.859 312.905 41.954

14 245.964 175.275 70.689 193.414 131.480 61.934 170.819 128.074 42.745

15 243.645 204.741 38.904 163.321 124.120 39.200 210.833 164.792 46.041

16 287.457 259.286 28.171 265.502 243.304 22.198 225.021 194.477 30.544

17 254.753 194.258 60.495 253.413 224.340 29.073 289.580 242.957 46.623

18 287.442 233.257 54.185 300.524 262.758 37.767 320.598 279.991 40.607

19 509.614 405.489 104.125 277.080 238.880 38.200 211.932 174.353 37.579

20 176.917 110.630 66.287 262.666 124.480 138.187 193.898 156.961 36.938

21 302.543 260.830 41.714 224.681 174.695 49.985 213.874 181.365 32.509

22 463.635 276.601 187.033 210.761 178.382 32.380 204.922 165.764 39.158

23 416.297 333.387 82.910 302.189 250.318 51.871 128.820 108.900 19.919

24 507.670 383.886 123.784 174.875 132.048 42.827 279.256 233.630 45.627

25 246.569 161.135 85.434 209.501 166.899 42.602 246.123 209.341 36.782

26 181.122 107.478 73.644 265.338 202.982 62.357 222.781 200.440 22.341

27 261.110 185.304 75.806 177.832 157.045 20.787 225.942 201.810 24.132

28 261.343 170.790 90.553 194.639 156.493 38.146 232.846 210.067 22.779

29 307.614 287.639 19.975 242.741 194.217 48.524 263.980 234.774 29.206

30 244.926 145.929 98.997 272.008 210.605 61.403 192.282 175.577 16.706

31 195.621 112.636 82.985 176.932 138.566 38.367

Total 8.679.053 6.600.383 2.078.670 7.370.596 5.741.449 1.629.147 6.580.581 5.339.495 1.241.086


B. Classifying Malware

July

Day Adware Backdoors Exploits Rootkits Trojans Worms Other

1 17.952 2.026 93 204 102.525 5.594 102.822

2 17.181 2.599 52 104 108.898 23.099 108.522

3 27.244 642 36 181 120.895 8.485 55.862

4 22.755 752 109 61 117.739 75.918 86.143

5 31.972 1.289 101 183 135.306 11.750 113.054

6 30.993 927 276 166 117.262 8.146 93.476

7 55.084 599 534 117 113.971 1.927 66.831

8 60.239 1.199 379 99 137.575 2.020 102.343

9 27.262 826 16 100 101.085 24.622 77.762

10 52.505 1.720 0 217 104.602 9.413 116.703

11 44.367 815 35 61 50.682 22.955 86.495

12 20.980 432 0 108 47.574 16.710 113.261

13 27.233 1.459 0 106 69.441 28.343 140.616

14 32.529 1.032 10 145 97.027 8.894 106.327

15 22.154 1.055 40 60 72.542 39.497 108.296

16 18.086 516 22 67 52.516 155.551 60.699

17 32.785 1.744 70 609 95.464 10.218 113.863

18 36.912 1.514 22 97 109.221 14.211 125.465

19 46.703 3.147 108 194 147.468 173.460 138.535

20 25.681 1.102 83 69 48.635 11.697 89.650

21 39.924 1.940 96 80 75.841 67.900 116.763

22 42.920 2.482 58 136 171.535 52.675 193.828

23 63.856 4.192 18 209 116.418 43.801 187.803

24 40.414 7.565 90 339 98.528 83.778 276.957

25 87.400 1.452 14 146 78.749 5.188 73.621

26 60.241 1.104 0 84 59.789 6.266 53.638

27 41.083 1.398 17 82 72.518 7.300 138.713

28 35.064 1.677 22 101 101.665 13.705 109.110

29 44.998 1.290 43 64 148.044 12.780 100.395

30 37.904 2.364 42 92 131.573 6.917 66.036

31 28.650 1.647 29 110 109.576 7.332 48.276

Total 1.173.067 52.504 2.414 4.389 3.114.664 960.150 3.371.865


August

Day Adware Backdoors Exploits Rootkits Trojans Worms Other

1 45.975 1.198 28 528 61.413 7.518 67.366

2 48.864 1.594 221 829 85.685 3.495 50.652

3 52.959 1.805 32 462 89.862 4.779 73.005

4 70.396 1.070 100 134 85.507 4.298 46.442

5 72.563 911 46 78 75.193 12.331 135.102

6 63.302 1.458 86 268 91.303 3.567 63.489

7 38.127 1.948 29 306 139.282 18.190 54.117

8 31.024 1.727 14 48 112.454 15.343 89.926

9 65.015 1.543 39 110 120.968 19.498 67.344

10 31.343 2.101 42 3.295 206.727 5.945 50.374

11 44.145 1.873 134 77 105.665 5.369 60.541

12 32.649 1.097 44 44 107.587 45.658 103.201

13 15.747 1.793 36 96 101.258 52.050 121.324

14 51.593 1.344 38 105 86.549 6.572 47.211

15 25.195 673 10 72 86.079 3.948 47.344

16 14.363 824 20 87 84.279 4.430 161.500

17 24.048 830 101 46 84.732 12.997 130.659

18 26.943 5.182 72 52 126.601 4.176 137.497

19 22.397 1.469 97 41 118.446 18.017 116.613

20 33.432 1.411 101 16 135.810 12.620 79.277

21 30.951 1.115 218 83 121.465 3.304 67.545

22 16.203 9.714 15 23 103.040 20.621 61.143

23 17.308 56.015 29 40 98.319 31.292 99.186

24 28.640 5.634 78 78 61.562 9.605 69.277

25 40.260 2.448 65 39 65.647 15.815 85.228

26 48.481 2.063 158 31 133.976 6.698 73.931

27 13.897 707 4 27 33.807 13.251 116.140

28 56.610 1.007 19 37 103.077 2.762 31.127

29 54.851 2.694 44 48 135.494 6.646 42.965

30 34.684 2.783 140 86 162.557 7.127 64.631

31 45.716 1.251 130 47 96.086 2.927 30.776

Totals 1.197.682 117.281 2.192 7.232 3.220.429 380.849 2.444.932


September

Day Adware Backdoors Exploits Rootkits Trojans Worms Other

1 37.360 1.193 210 32 87.361 10.089 102.881

2 28.676 1.616 61 38 128.354 4.355 73.501

3 13.992 1.679 22 22 113.436 3.643 32.321

4 12.686 609 31 12 91.774 1.992 25.210

5 39.112 2.918 133 185 112.710 7.181 82.220

6 28.702 1.899 29 103 122.300 7.373 60.081

7 32.520 1.742 21 43 135.354 29.026 109.078

8 27.852 1.284 15 28 72.773 3.157 65.889

9 53.450 1.603 53 70 62.376 5.128 74.206

10 41.373 704 15 15 59.258 3.543 70.657

11 52.968 1.182 83 9 32.959 1.159 27.073

12 59.828 2.260 36 26 85.509 3.147 36.643

13 33.243 2.870 15 39 121.338 117.198 80.156

14 41.667 2.412 0 42 69.687 2.711 54.300

15 26.271 7.611 8 4 58.674 5.655 112.610

16 29.215 6.627 37 75 92.864 5.718 90.485

17 35.397 5.233 11 98 108.871 6.381 133.589

18 38.942 11.163 26 44 110.427 33.374 126.621

19 28.345 11.674 30 43 73.227 15.120 83.493

20 22.621 6.347 41 38 72.639 10.986 81.227

21 26.963 3.397 21 30 60.793 36.512 86.157

22 37.139 2.186 199 41 60.695 14.654 90.007

23 27.985 3.818 206 21 40.910 10.216 45.664

24 39.427 8.753 280 69 87.151 24.286 119.290

25 27.867 6.516 37 40 95.000 23.080 93.584

26 17.363 13.312 186 21 76.587 20.498 94.813

27 25.171 9.836 194 40 64.141 13.119 113.441

28 15.821 7.426 178 14 55.448 15.995 137.963

29 30.052 5.796 322 39 78.468 15.856 133.447

30 14.975 5.933 0 29 49.747 11.998 109.600

Totals 946.984 139.599 2.503 1.307 2.480.829 463.150 2.546.208