فا

‫ McAfee Threats Report: Third Quarter 2011 – 2nd Section

IRCRE201111083
Date: 2011-11-27
The McAfee Labs has studied the security threats of the third half of 2011 in a report. The following report is briefing that report.
Global Infected Computers
The top threats around the world continue to change from quarter to quarter. Last quarter, downloaders and certain potentially unwanted programs (PUPs) were prevalent. This quarter, parasitic malware and exploits are a bit more popular, with exploit scripts at the forefront of global detections.
Messaging Threats
Spam around the globe continues its downward trend. Even though spam volume is way down, McAfee Labs sees targeted spam, often called spearphishing, at its greatest development in years. So, very much like malware, the noise tells us spam levels have dropped, yet the signal we need to hear is that the bad guys have changed their tactics. They are protecting their business models and are doing so with a sophistication that creates a more dangerous threat than before.
Social Engineering
As always, social engineering lures in spam subject lines differ greatly depending on geography and language. The lures can vary by month or season, and often use holidays or sporting events as bait. Attackers show a remarkable insight into what works in different cultures and regions—not just globally but also seasonally. In France phishing may be popular, while in the United Kingdom “419 scams” are the rage. Meanwhile drug spam is hot in South Korea and Russia, while in the United States we see lots of Delivery Service Notifications (fake error messages) as a lure.
Worldwide overall botnet growth also took a small dip toward the end of this quarter, but our analysis of specific regions shows some significant increases.
Several countries saw significant growth in botnet infections. Cutwail, Festi, and Lethic lead the pack in new infection activity this quarter, while new infection rates of Grum, Bobax, and Maazben declined.
Web Threats
Websites can have bad or malicious reputations for a variety of reasons. Reputations can be based on full domains and any number of subdomains as well as on a specific IP address or URL. Malicious reputations are influenced by the hosting of malware, PUPs, or phishing sites. Often we observe combinations of questionable code and functionality.
Last quarter McAfee Labs recorded an average of 7,300 new bad sites per day; in this period that figure dropped a bit to 6,500 sites, which is comparable to the same time last year. In August we saw an average of more than 3.5 sites rated “red” each minute.
We saw four significant spikes in malicious web content this quarter. They are not linked to any particular attack.
The vast majority of new malicious sites are located in the United States. Next in line, we find the Netherlands, Canada, Germany, South Korea, China, and the United Kingdom. Last quarter we saw the same top seven countries though they finished in a different order.
North America still leads by a large margin (with 66 percent of servers this quarter, 60 percent last quarter, and 68 percent in the first quarter). Europe and the Middle East remain in second rank (23 percent, 25 percent, and 18 percent).
This quarter, the number of websites hosting malicious downloads continued to increase, while the number of sites hosting browser exploits slightly decreased.
The following chart provides a picture of the number of websites delivering malware and PUPs that McAfee Labs detected this quarter.
We saw an increase this quarter, with around 3,500 new sites per day compared with 3,000 per day during the prior quarter.
During the quarter we identified approximately 2,700 phishing URLs per day, very similar to our figures for last quarter. During the same period last year, we counted 2,900 URLs per day.
Related Links:
References:
McAfee Threats Report: Third Quarter 2011

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

مشخصات خبر

 
تاریخ ایجاد: 25 بهمن 1390

برچسب‌ها

امتیاز

امتیاز شما
تعداد امتیازها: 0