Malware, Mobile Device Threats Surge in Q3: McAfee
Security-software vendor McAfee's third-quarter threats report finds a huge increase in both the volume and sophistication of malware.
Spam volume fell to its lowest level in two years in the third quarter, but malware, be it in infected sites or links embedded inside spam messages, surged to an all-time high, according to security-software vendor McAfee's 3Q Threats Report (available here in PDF format).
One of the most alarming figures in the report is the finding that an average of 60,000 new pieces of malware are identified each day, up more than 400 percent since 2007. And this proliferation of sophisticated malware comes at time when total spam messages fell to a two-year low.
In a nutshell, while there may be somewhat less spam out there making its way into Internet users' email accounts, the messages that are getting through are more toxic and damaging than ever before.
McAfee (NYSE: MFE) security researchers said that a number of old, familiar malware scams, such as SQL injections, botnets and fake antivirus campaigns, are still posing a significant threat to both consumers and enterprise users.
But they were especially disturbed by a pair of relatively new developments: the rise of the Zeus robot network and the emergence of the Stuxnet worm, a pair of narrowly targeted malware efforts that likely signal the beginning of new era in security attacks.
"Threats to mobile devices are attracting more attention, and we now see the Zeus bot is also riding the mobile wave," McAfee said in the report. "In many ways these new threats will mirror many of the established threats as they make their way to new platforms because the human element, with its constant susceptibility to social engineering, remains the same."
The report noted that the Zeus botnet is designed to intercept SMS messages to validate transactions, making it possible for cybercrooks to snare vital login and password credentials to steal funds from victims' accounts. In the third quarter, McAfee security filters detected a significant increase in email campaigns spreading the Zeus botnet under the disguise of legitimate companies and organizations, including the United States Postal Services, FedEx, Western Union and the Social Security Administration, among others.
McAfee found that botnet activity was still very high in the third quarter, with the Cutwail variety accounting for more than 50 percent of botnet spam traffic in every country studied. Cutwail bots were responsible for denial-of-service attacks on more than 300 websites in the quarter, including advances on the CIA and FBI websites as well as Twitter and PayPal.
Facebook and Twitter continue to be both sponges and incubators for new and more elaborate malware operations. McAfee's report reiterated the fact that shortened URL services are using the Twitter platform to hide malicious websites and links in tweets that are quickly launched and passed from user to user in a geometric progression.
In the quarter, McAfee said that 60 percent of the top Google (NASDAQ: GOOG) search terms returned malicious sites -- often multiple malicious sites -- within the first 100 results.
But none of these new or evolving malware threats bothers security software vendors nearly as much as Stuxnet worm, first discovered in July.
"Search engine and term abuse continues to mirror the news of the day, and we saw many developments in the areas of cybercrime and hacktivism -- specifically in stolen identities and cybercrime toolkits," researchers wrote. "However, all these attack vectors take a backseat to the quarter's most significant threat: Stuxnet."
In September, Iran was the first to confirm that this highly targeted and complex worm managed to infiltrate PCs at the country's first nuclear power plant.
Because Stuxnet was created specifically to attack Supervisory Control and Data Acquisitions (SCADA) systems, it's an especially serious threat considering many of the world's most important and vulnerable infrastructures -- military, power plants, transportation systems and communications -- are run on SCADA systems.
"This advanced worm took center stage amid rumors of government conspiracies and cyberwarfare," the report said. "When we look back, this year might well become known as the Year of the Targeted attack, due to narrowly aimed malware such as Stuxnet and Operation Aurora."