Spam and botnets have hit their highest levels ever, according to McAfee's second-quarter Threats Report, released Wednesday. McAfee's Avert Labs says spam recorded in the second quarter shot up 80 percent compared with the first quarter of the year.
This follows a brief reprieve from spam following last year's shutdown of the McColo ISP. June alone saw the largest amount of spam recorded by McAfee, surpassing the previous monthly high in October by more than 20 percent. McAfee now estimates that spam accounts for 92 percent of all e-mail.
(Credit:
McAfee Avert Labs)
By country, the amount of worldwide spam originating from the United States has dropped steadily over the past three quarters, but the U.S. still leads in spam production at 25.5 percent of the global market. Brazil, Turkey, India, and Poland have also seen sizable increases at producing spam.
(Credit:
McAfee Avert Labs)
Zombies and botnets are on the rise, said the report, indicating that more computers are being hijacked to send spam and malware. McAfee recorded almost 14 million new zombies in action over the second quarter, a rise of more than 150,000 new zombies each day, another record.
Zombies and botnets can thank all the unprotected home computers, notes McAfee. More home users are setting up their PCs as remote access machines and as Web hosts, leaving those PCs increasingly vulnerable.
Another major threat reported by McAfee is AutoRun malware, which is triggered automatically when a person plugs in a USB stick, memory card, or other external device. The Trojans PWS-OnlineGames and PWS-Gamania and two viruses named W32/Sality and W32/Virut have propagated through removable cards and drives.
McAfee said it uncovered AutoRun malware in more than 27 million infected files during one 30-day period alone this past quarter, earning it the No. 1 spot of all malware detected worldwide.
(Credit:
McAfee Avert Labs)
"The jump in bot and spam activity we saw in the last three months is alarming, and the threat from AutoRun malware continues to grow," said Mike Gallagher, senior vice president and chief technology officer of McAfee Avert Labs.
Social-networking sites are another popular target for cybercriminals, noted the report. The openness of social networks often puts them at risk.
On Facebook, people freely access different applications that require a username and password, so those apps can easily tap into their accounts. McAfee also saw an increase this past quarter in the "popular" Facebook malware Koobface.
Twitter too has seen its share of threats. In April, the site was hit by a JavaScript worm that exploited a hole to infect user profiles. The same month, a French hacker was able to gain access to the account of a Twitter product director.
The use of sites like TinyURL by tweeters to shorten a lengthy URL can also pose a problem, said McAfee. Users have no idea what Web site the TinyURL redirects to until it actually opens.
McAfee releases its Threats Report each quarter. The first-quarter report was published in May.
In the wake of the Conficker worm spreading via removable storage devices among other methods, Microsoft said on Tuesday it is making a change to the way Windows 7 handles USB drives.
As a result of the change, most USB drives will not be able to automatically launch a program using a Windows feature known as AutoRun, Microsoft said in a post on its Security Research & Defense Blog.
So, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed, Microsoft said.
Fixed removable media, such as CDs and DVDs will still be able to use AutoRun. Also, some specialized "smart" USB flash drives such as those containing U3 software will still be able to appear as DVD drives, effectively allowing them to also use AutoRun, Microsoft cautioned.
The change will show up in the release candidate version of Windows 7 that is being released to developers this week and publicly on May 5.
Microsoft said it is planning on making the change available on Windows Vista and Windows XP, as well.
In February, Microsoft released an update for Windows AutoRun that allows people to selectively disable the AutoRun functionality for drives on a system or network to provide more security. The update addressed an issue that prevented the NoDriveTypeAutoRun registry key from functioning as expected. Disabling AutoRun functionality can help prevent the execution of arbitrary code when a removable storage device is used.
The AutoRun functionality has been blamed for malware that has infected USB thumb drives, leading to a temporary ban on their use at the U.S. Defense Department, and digital photo frames, among other storage types.
Microsoft detailed additional security features in Windows 7 during the RSA security conference last week.
Before the change, the malware is leveraging AutoRun (box in red) to confuse the user.
(Credit: Microsoft)
After the change, AutoRun will no longer automatically launch when most USB drives are attached, so the AutoPlay options are safe.
(Credit: Microsoft)
- prev
- 1
- next
