Report: Malware Growth At An All-Time High

McAfee Inc. recently released the McAfee Threats Report: Fourth Quarter 2010, revealing a steady growth of threats to mobile platforms. The number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009. The report also uncovered 20 million new pieces of malware in 2010, equating to nearly 55,000 new malware threats every day. Of the almost 55 million total pieces of malware McAfee Labs has identified, 36 percent was created in 2010. Concurrently, spam accounted for 80 percent of total email traffic in Q4 2010, the lowest point since the first quarter of 2007.

“Our Q4 Threats Report shows that cybercriminals are keeping tabs on what’s popular, and what will have the biggest impact from the smallest effort,” said Vincent Weafer, senior vice president of McAfee Labs. “In the past few quarters, malware trends have been very similar in different geographies, but in the last quarter we’ve seen a significant shift in various regions, showing that cybercriminals are tapped in to trends worldwide. McAfee Labs also sees the direct correlation between device popularity and cybercriminal activity, a trend we expect to surge in 2011.”

Threats to mobile platforms are not new. However, as more consumers use mobile devices and tablets in their daily lives and at work, cybercriminals have taken note. During the last several years, McAfee Labs has seen a steady growth in the number of threats to mobile devices. Some of the most interesting mobile threats of Q4 2010 were SymbOS/Zitmo.A and Android/Geinimi. SymbOS/Zitmo.A was a high-profile threat that struck early in the quarter. The creators of the Zeus botnet repurposed an old version of a commercial spyware package. Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.

With the adoption of so many new mobile platforms, combined with the lack of security awareness and mobile safeguards, McAfee Labs expects cybercriminals to use botnet infections to target mobile devices. In Q4 2010, Cutwail was dethroned as the global leader in botnet activity, with Rustock the most prevalent in many parts of the world, and Bobax closely trailing behind the two.

The onslaught of malware seems to have no end, and the proliferation of both handled and IP-enabled devices’ affect on this growth remains to be seen. The top malware threats in Q4 2010 were very different in various geographies, due in part to the larger trend that threats now tend to match the types of users, habits and events that are specific to a region. Favorites for cybercriminals worldwide this quarter consisted of AutoRun malware (Generic!atr), banking Trojans and downloaders (PWS or Generic.dx), as well as web-based exploits (StartPage and Exploit-MS04-028).

Spam hitting its lowest levels in years can be attributed to a “transition period,” with several botnets going dormant during a time of year when spam volumes are usually on an upward path. In Q4, McAfee Labs learned the Bredolab botnet had been closed along with parts of the Zeus botnet. Around the Christmas holiday, spam from the Rustock, Lethic, and Xarvester botnets all disappeared, while the spam leaders this quarter were the Bobax and Grum botnets.

As more users access the Internet from an ever-expanding pool of devices -- computer, tablet, smartphone or Internet TV -- web-based threats will continue to grow in size and sophistication. In Q4, some of the most active threats included Zeus-Murofet, Conficker and Koobface, and the number of potentially malicious domains grew at a rapid pace.

Phishing URLs in the form of the IRS, gift cards, rewards accounts, and social networking accounts were also among the most popular. McAfee Labs found that within the top 100 results of the top daily search terms, 51 percent led to malicious sites, and on average each of these poisoned results pages contained more than five malicious links. McAfee Labs expects attacks using the techniques of search-engine abuse and trend abuse to focus more specifically on new types of devices in 2011.

In 2009, McAfee Labs predicted that vulnerabilities in Adobe product would become the clear choice of malware authors and cybercriminals for distribution malware and compromising systems and networks.

 This prediction has come true. Throughout 2010 malware developers have heavily exploited weaknesses in both Flash and especially PDF technologies. McAfee Labs databases reveal that malicious PDFs targeting Adobe Acrobat topped the number of unique samples by a wide margin, making them the favorite target of client-side exploitation. McAfee Labs is certain that the “Adobe” trend will continue this year, as more mobile devices and non-Microsoft operating systems support various Adobe technologies.

The main hacktivist actor in Q4 2010 was the “Anonymous” activist group. Its members engaged in various cyberdemonstrations against copyright protection groups early in the quarter and against WikiLeaks censors and detractors later in the quarter. The boundary between hacktivism and cyberwarfare continues to blur.

Featured

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Nearly Half of Companies Exclude Cybersecurity Teams When Developing, Onboarding and Implementing AI Solutions

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

  • Stay Secure in 2024: Updated Cybersecurity Tips for the Office and at Home

    Cyber criminals get more inventive every year. Cybersecurity threats continue to evolve and are a moving target for business owners in 2024. Companies large and small need to employ cybersecurity best practices throughout their organization. That includes security integrators, manufacturers, and end users. Read Now

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3