McAfee Threats Report: First Quarter 2011 - 2nd Section

IRCRE201106070
Date: 2011-06-14
In its latest report, McAfee Labs surveyed the threats of the first quarter of 2011. This security report briefly summarizes the second section of that report.
Password Stealers Take It to the Bank
This quarter we noticed an interesting new trend among “banker” Trojans, malware that steals passwords and other data. Although Zeus continues to be prevalent, both the Zeus and SpyEye Trojans are using almost the same phish-like email topics in their spam campaigns. As we have discussed in previous Threats Reports, Zeus development appears to have ceased, with its author merging the source code with SpyEye.
SpyEye’s architecture allows it to add functions via new modules. As of March, the most recent SpyEye (Version 1.3.05) can support more than 150 modules.
At McAfee Labs we see a new password stealer variant every day, and they’re not terribly hard to combat. However, a few of them continue to develop in a way that challenges security companies. One of these is PWS-Caberp.
PWS-Caberp has been around since last quarter, but due to the improvements we’ve seen this quarter, this banking Trojan deserves a special mention. As with SpyEye, PWS-Caberp has a modular configuration that allows it to add new features and updates.
In the coming quarter, besides improvements to SpyEye and PWS-Caberp, we expect to see a revision of Zeus/PWS-Zbot. At the end of this quarter the Zeus source code was leaked on some underground forums, which will certainly result in new variants.
What’s in a Word?
1.2 percent of search results this quarter led to a malicious site, down from 3.3 percent last quarter. 49 percent of the terms led to malicious sites (down from 51 percent). On average, each of these poisoned result pages contained more than two malicious links.
Web Threats
Last quarter McAfee Labs observed a significant increase in the number of domains, IP addresses, and URLs with malicious reputations. In addition to websites with bad reputations, we included in this category sites that host malware, potentially unwanted programs, and phishing sites. This quarter the number dropped compared with the previous quarter.
For the quarter McAfee Labs recorded an average of 8,600 new bad sites per day.

We saw some significant spikes in malicious web content this quarter. Many of these sites correspond to high-impact news events such as the Japanese earthquake and tsunami, and major sporting dates. These events are continually exploited by cybercriminals as lures for scams and attacks. The vast majority of these new malicious sites are located in the United States. Next in line, we find South Korea, Germany, and China.
Websites hosting malicious downloads dropped notably this quarter while sites that host browser exploits remained unchanged.

This quarter we also observed a continued increase in blogs and wikis with malicious reputations.
Websites Delivering Malware and PUPs
The next chart provides a picture of the number of websites delivering malware and potentially unwanted programs (PUPs) that McAfee Labs detected this quarter.

With two notable exceptions, new malware sites were relatively flat this quarter compared with last quarter, increasing slightly on average. But the two exceptions were outstanding. The spike on January 24 was due to W32/Conficker.worm. That day, we found a tremendous number of Conficker .info and .org domains.
Phishing Sites
After a rapid increase during the first part of 2010, the number of phishing sites discovered each day has been fairly stable since the second half of that year. This quarter we identified approximately 2,500 sites per day, with two large leaps at the end of January.

Illegal File Sharing
This quarter we identified around 14 new sites per day used for the illegal exchange of copyrighted files. These sites illegally distribute software or electronic media such as copyrighted music or film, illegal license key generators, software cracks, and serial numbers. We include in this category sites that allow users to search for and exchange files from peer-to-peer networks. The United States is the clear leader in this area, with Germany a strong second ahead of China, Russia, and the Netherlands.

Earthquake and Tsunami in Japan
Only two hours after the Japanese earthquake and tsunami struck, we spotted the first potential scam donation site. During the next few hours we collected more than 500 malicious domains or URLs with the terms Japan, tsunami, or earthquake in their titles. Most were created in association with spam campaigns, false news sites to distribute malware, and especially fake charity actions.
Vulnerabilities and Network Attacks
This quarter continued the trend of malware authors heavily exploiting weaknesses in both Adobe Flash and PDF technologies. Our malware database reveals that malicious exploits of Adobe products (more than 36,000 this quarter) topped the number of malicious exploits of Microsoft Office products by a wide margin.

SQL-Injection Attacks
China and the United States continue to be the primary sources for SQL-injection attacks. This quarter again sees China as number one (hosting 50 percent of attacks), with the United States second (25 percent). The Ukraine moved into third position (13 percent), pushing Iran down to fourth (5 percent). Other host countries support no more than 2 percent of attacks.

References:

McAfee Threats Report: First Quarter 2011

Created: 25 Bahman 1390