Small drop in Christmas spam but rates still rising
Posted in: Spam at 09/02/2010 20:59
McAfee's latest threat report for the fourth quarter of 2009 saw a drop in spam over the period, although the year ended with overall amounts rising.
In the last quarter of the year spam levels dropped from a record of 175bn per day in the third quarter to 135bn, a decline of 24 per cent. However spam levels are likely to rise again, especially given a 40 per cent rise in one day, December 14th, as spammers looked to scoop last minute shoppers.
All that user-generated content? 95% is malware, spam
The latest research from Websense Security Labs paints a dreary but familiar picture of the state of online security threats. Echoing the bad news of other such recent reports, it seems the vast majority of the Web consists of malware and spam. Worse yet, even legitimate, well-known sites are being used to pump malware, SEO poisoning, or phishing attacks.
Websense uses a global network of systems to scan and analyze over 40 billion websites every hour, tracking malware and other unwanted content. The results for the latter half of 2009 show a 225 percent increase in malicious websites. Worse, 71 percent of websites found to contain some malicious code were in fact legitimate websites that had been compromised in some way.
McAfee Q4 Threats Report Finds Political Hacktivism and the Exploitation of Tragedies is on the Rise Worldwide [news release]
Malware Levels Climb Higher and China Overtakes the United States as the No. 1 Country for Botnet Zombie Production in Q4
McAfee Inc. today unveiled its Q4 Threats Report, which highlights the most significant spam-generating stories in 2009 as well as the rise of political hacktivism in countries like Poland, Latvia, Denmark and Switzerland. Report findings also reveal that 2009 averaged approximately 135.5 billion spam messages per day, yet spam volume decreased by 24 percent in Q4 compared to Q3.
Spammers utilized headlines heavily in 2009, taking advantage of breaking news stories, global tragedies and timely events. The Air France plane crash and Michael Jackson's death were among the top tragedies exploited by spammers last year. McAfee researchers also noted a significant number of 2010 FIFA World Cup-themed phishing scams, Zeus Trojans masked as the CDC, referencing the H1N1 vaccine program, and "get-rich-quick" scams due to the rise of U.S. unemployment levels.
Politically-motivated attacks are on the rise around the world, targeting popular social networking destinations, as seen recently with the Iranian Cyber Army's political attack aimed at Twitter. The report confirms that the United States is not the sole target, nor is China the sole origin for these types of attacks with recent political attacks targeting the Polish government, the Copenhagen Climate Conference and Latvia's Independence Day.
Malware including fake security software, attacks on social networks, and Auto-Run USB infections, continued to rise significantly last year. Internet-based, Web 2.0-centric attacks and threats on portable storage devices played a huge role in 2009, contributing greatly to the sheer increase in threats and demonstrating how the nature of computer threats are evolving over time. Cybercriminals used social networking sites to target a new generation of victims, with Koobface activity increasing considerably during the latter part of 2009. Koobface is now hosted by servers in 46 different countries, with the U.S., Germany and Denmark making up the top three hosting locations.
"In Q4, we saw spam activity drop, but identified some interesting trends developing in terms of the geographic distribution of cyber threats and the types of threats executed," said Mike Gallagher, Senior Vice President and Chief Technology Officer at McAfee Labs. "China emerged as the worldwide leader in both zombie production and the execution of SQL-injection attacks, while internet-based attacks played a bigger role and will continue to do so as cybercriminals target the most popular social destinations in 2010."
China Overtakes the U.S. as No. 1 Country Producing Zombies
Zombie production in the U.S. dropped significantly from 13.1 percent in Q3 to 9.5 percent in Q4, making China the top of Zombie-producing country at 12 percent. Brazil ranked third, with Russia and Germany rounding out the top five countries. The U.S. still remains the number one country in terms of spam production, with Brazil and India taking the number two and three spots. Ukraine and Germany joined the list of top 10 countries producing spam for the first time in 2009.
The Geographic Distribution of Web Threats
North America is the worldwide leader in hosting malicious content, with EMEA in second, followed by Asia/Pacific. In Europe, Germany holds the number one spot, followed by the Netherlands and Italy. China is the chief host for malicious content in Asia, followed by Russia and South Korea. South America is beginning to play a larger role, with Brazil as the top hosting country in that region.
China is the Worldwide Leader in SQL Injection Attacks
Although SQL-injection attacks originate from a number of countries across the globe, China was by far the number one country hosting these assaults at 54.4 percent. Due to the growing popularity of Adobe applications, McAfee Labs saw a number of client-targeted attack attempts to exploit Flash and Acrobat reader.
For a full copy of the Q4 2009 Threats Report, please visit: http://www.mcafee.com/us/local_content/reports/threats_2009Q4_final.pdf
About McAfee, Inc.
McAfee, Inc., headquartered in Santa Clara, California, is the world's largest dedicated security technology company. McAfee is committed to relentlessly tackling the world's toughest security challenges. The company delivers proactive and proven solutions and services that help secure systems and networks around the world, allowing users to safely connect to the Internet, browse, and shop the web more securely. Backed by an award-winning research team, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. http://www.mcafee.com.