Study: Malware risks are growing exponentially

A new report from security services provider ScanSafe finds that companies are at increasing risk of having employees inadvertently download backdoors and password stealers onto corporate computers from Web sites that have malicious software hidden on them.

A company in ScanSafe's focus group faced a nearly 500 percent greater risk of exposure to those threats in September than was faced in January of this year, according to ScanSafe's Global Threat Report released on Tuesday.

Companies in the energy sector are at greater risk from Web-based malware than other industries, the report concludes. The energy sector, worldwide, faces a 189 percent higher risk of exposure from workers visiting sites with malware on them than other industries, followed by the pharmaceutical and chemicals industry, construction and engineering, and media and publishing.

"On a more positive note, government agencies were at 0 percent, which indicates they were at neither higher nor lower rates of exposure compared to other verticals," Mary Landesman, senior security researcher at ScanSafe, writes in a blog post.

The industry with the lowest rate of exposure was aviation and automotive. Landesman says she can't say exactly why one sector is more at risk than another but expects to release more findings soon that could help answer that question.

Overall, there was a flattening in the volume of threats in August and September, although ScanSafe is seeing a spike in October. Landesman says things could get ugly from a malware perspective throughout the rest of this year.

The holidays tend to be busy for socially engineered-types of malware, Landesman said. Plus, "the economy is hurting people's finances and this could encourage criminals to up their efforts to gain more money through illicit means," she said.

Also on Tuesday, security firm MessageLabs released statistics on the numbers of phishing attacks related to the banking crisis.

MessageLabs intercepted 7,000 phishing attacks exploiting Bank of America on October 16 and 15,000 on October 17, reaching 125,000 total e-mails over that weekend. American Express was the focus of a phishing attack that started on October 20 and reached 35,000 e-mails for the day.

The Cutwail botnet, which controls more than 1 million active unsuspecting zombie computers on the Internet and is believed to be the largest botnet, is responsible for those phishing attempts, MessageLabs said.