Q1 Threat Report: Surge in Malware, Drop in Spam
With six million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history.
Hack attacks weren’t the only problem during the first half of 2011. Malware is becoming more complex and is seemingly everywhere. While the exploits of Anonymous and LulzSec grabbed the headlines, the real damage is being done by fake anti-virus, search engine poisoning and social networking scams.
That’s what Sophos discovered in its midyear report. Some of the highlights of the report:
- Since the start of 2011, Sophos saw an average of 150,000 malware samples every day (that’s a new unique malware threat almost every half second) — a 60 percent increase over 2010.
- Sophos saw 19,000 new malicious URLs each day in the first half of the year — 80 percent of those URLs being legitimate sites that have been hacked or compromised.
- Search engine poisoning, also known as Black Hat SEO, is on the rise, threatening businesses of all sizes and accounting for more than 30 percent of all malware detected by Sophos Web Appliance (SWA) according to SophosLabs.
- Social media threats have sharply escalated with 81 percent of respondents to a Sophos poll saying it posed the biggest security threat of all social networks — up from 60 percent last year.
In a release, Mark Harris, vice president of SophosLabs, said:
2011 has seen a continued massive uptick in the volume of malware in which the Web is the dominant vector for both targeted and mass-scale attacks. The virulence of attacks such as fake AV requires a prompt move by IT organizations and consumers to employ more layered Web protection and defenses to reduce the attack surface of the devices they use.
This appears to line up with other midyear reports that are coming out. Over at TechCrunch, there are similar concerns about malware problems through 2011. The article stated:
Larger malware networks have begun swallowing smaller malware entities, and they’re now serving up their web landmines at astonishing rates. Apple even seems to have reached the tipping point, with enough market share that malware networks have begun targeting Apple OSes. It’s not quite the “explosion of malware on Macs” many forecasted, but it’s still a much larger problem than it was a year ago. And it’s not just desktops and laptops that are affected, malware has gone mobile, too. Android appears to becoming more vulnerable, as security firm, Kaspersky Lab, identified 70 different malware on Google’s mobile OS in March.