Apparently we posted 235 blogs here in 2012, just a fraction under 20 blogs per month on average. So this would be a perfect moment to produce one of those summaries of the year's activities that wordpress.com provides, telling you how many people viewed your blog site and how many times they'd go round the equator if they laid down end to end. Or something less ambitious, like whether they'd all fit into a telephone box.

Unfortunately, I don't have access to as much of that data regarding the Threatblog as I do regarding some of my other blogs, so when Stephen suggested I might contribute to the End of Year Threat Report with another look back at 2012 as seen on the Threatblog, the result was less statistical and more a summary of the trends and topics that caught our attention in the past 12 months. Clearly, I couldn't include all those 235 blogs, even in a fairly lengthy article. In fact, the article ThreatBlogger FootSloggers Review 2012 was so lengthy that there wasn't much room for anything else. (If you want the customary predictions for the coming year, you'll need to check out 2013 Forecast: Malware, scams, security and privacy concerns and Trends for 2013: astounding growth of mobile malware!) We did, however, include a guide to some of the articles, papers, presentations, podcasts and webcasts that ESET's research teams generated in 2012. And, of course, there are descriptions of the ten most prevalent examples of malware flagged in 2012 by ESET's Live Grid telemetry, as shown in the following graph:

I thought it might be interesting to compare it - as I did last year - with the top ten for the preceding year:

As you'd expect, there are newcomers such as Dorkbot in the 2012 chart and noticeable absences such as the online games Trojans that have been so conspicuous in previous years (no, they haven't disappeared altogether, though there are clearly more prevalent detections currently). Since poisoned web sites and scripts are an ongoing and regrettable but inevitable part of the threatscape, it's not surprising that HTML/Iframe.B and HTML/Scrinject.B are still with us (and may even be on the rise in 2013 according to our Latin America researchers). But it's also noticeable that INF/Autorun and Conficker, which you might think by now should have virtually disappeared - INF/Autorun because Microsoft long ago turned off that unfortunate default setting and Conficker because the botnet has been effectively dormant for so long - continue to maintain a certain dominance in the top ten. Indeed, it probably hasn't escaped your notice that Tchibo has been selling Hama 35mm slide/negative scanners over Christmas complete with Conficker. Wish I'd known before: I'd have bought one just for the curiosity value.

You can, of course, find lots more resources at the Threat Center, including earlier Threat Reports.

Tip of the hat to Stephen for updating the blog retrospective article with the last few links from 2012.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow