Spam and botnets have hit their highest levels ever, according to McAfee's second-quarter Threats Report, released Wednesday. McAfee's Avert Labs says spam recorded in the second quarter shot up 80 percent compared with the first quarter of the year.
This comes after a brief reprieve from spam following last year's shutdown of the McColo ISP. June alone saw the largest amount of spam recorded by McAfee, surpassing the previous monthly high in October by more than 20 percent. McAfee now estimates that spam accounts for 92 percent of all e-mail.
By country, the amount of worldwide spam originating from the United States has dropped steadily over the past three quarters, but the U.S. still leads in spam production at 25.5 percent of the global market. Brazil, Turkey, India, and Poland have also seen sizable increases in spam production.
Zombies and botnets are on the rise, said the report, indicating that more computers are being hijacked to send spam and malware. McAfee recorded almost 14 million new zombies in action over the second quarter, a rise of more than 150,000 new zombies each day, another record.
Zombies and botnets can thank all the unprotected home computers, notes McAfee. More home users are setting up their PCs as remote access machines and as Web hosts, leaving those PCs increasingly vulnerable.
Another major threat reported by McAfee is AutoRun malware, which is triggered automatically when a person plugs in a USB stick, memory card, or other external device. The Trojans PWS-OnlineGames and PWS-Gamania and two viruses named W32/Sality and W32/Virut have propagated through removable cards and drives.
McAfee said it uncovered AutoRun malware in more than 27 million infected files during one 30-day period alone this past quarter, earning it the No. 1 spot of all malware detected worldwide.
"The jump in bot and spam activity we saw in the last three months is alarming, and the threat from AutoRun malware continues to grow," said Mike Gallagher, senior vice president and chief technology officer of McAfee Avert Labs.
Social-networking sites are another popular target for cybercriminals, noted the report. The openness of social networks often puts them at risk.
On Facebook, people freely access different applications that require a username and password, so those apps can easily tap into their accounts. McAfee also saw an increase this past quarter in the "popular" Facebook malware Koobface.
Twitter too has seen its share of threats. In April, the site was hit by a JavaScript worm that exploited a hole to infect user profiles. The same month, a French hacker was able to gain access to the account of a Twitter product director.
The use of sites like TinyURL by tweeters to shorten a lengthy URL can also pose a problem, said McAfee. Users have no idea what Web site the TinyURL redirects to until it actually opens.
McAfee releases its Threats Report each quarter. The first-quarter report was published in May.
This message could lead you to the Koobface virus, say security experts. (Credit: McAfee Avert Labs)
A worm responsible for sending Facebook users malicious code appears to be limited in nature, although the social engineering attack may be used again, say experts.
Facebook representative Barry Schnitt said the worm isn't new; it dates back to August, although the variant that first appeared on Wednesday targets only Facebook users.
Craig Schmugar, threat researcher for McAfee Avert Labs, confirmed this in a call with CNET News and said that, in general, Koobface strikes only social-networking sites.
After receiving a message in their Facebook in-box announcing, "You look funny in this new video" or something similar, recipients are then invited to click on a provided link. Once on the video site, a message says an update of Flash is needed before the video can be displayed. The viewer is prompted to open a file called flash_player.exe.
A new mass-mailing virus targeting Facebook users directs victims to a site asking to download a Trojan masked as an Adobe Flash update. (Credit: McAfee Avert Labs)
Schmugar said the prompt for a new player should be a warning. "The messages you tend to get from these sites don't look quite right." For instance, IE will tell you where the update is coming from, and usually it's not an Adobe site.
If the viewer approves the Flash installation, Koobface attempts to download a program called tinyproxy.exe. This loads a proxy server called Security Accounts Manager (SamSs) the next time the computer boots up. Koobface then listens to traffic on TCP port 9090 and proxies all outgoing HTTP traffic. For example, a search performed on Google, Yahoo, MSN, or Live.com may be hijacked to other, lesser-known search sites.
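A host-triage sketch for the behaviour described above, added here as an example (not code from McAfee, Facebook or the original article): it correlates listening TCP sockets with process image names and flags the port and file names the article gives. The netstat and tasklist samples are constructed, and the function names are hypothetical.

```python
import csv
import io

# Indicators named in the article; nothing else about Koobface is assumed.
SUSPECT_IMAGES = {"tinyproxy.exe", "flash_player.exe"}
SUSPECT_PORT = 9090

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       3148
  TCP    192.168.1.20:49712     203.0.113.7:80         ESTABLISHED     2204
  TCP    [::]:9090              [::]:0                 LISTENING       3148
  UDP    0.0.0.0:5353           *:*                                    1500
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"svchost.exe","912","Services","0","9,112 K"
"iexplore.exe","2204","Console","1","48,300 K"
"tinyproxy.exe","3148","Services","0","3,904 K"
'''

def parse_listeners(netstat_text):
    """Return sorted unique (local_port, pid) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING" and parts[4].isdigit():
            # rsplit keeps IPv6 locals such as [::]:9090 intact
            found.add((int(parts[1].rsplit(":", 1)[1]), int(parts[4])))
    return sorted(found)

def parse_tasklist(csv_text):
    """Map PID -> lower-cased image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(csv_text))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2 and r[1].isdigit()}

def triage(netstat_text, tasklist_text):
    """Flag listeners on the port, or owned by an image name, given in the article."""
    procs = parse_tasklist(tasklist_text)
    findings = []
    for port, pid in parse_listeners(netstat_text):
        image = procs.get(pid, "<unknown>")
        reasons = [n for n, hit in (("port", port == SUSPECT_PORT), ("image", image in SUSPECT_IMAGES)) if hit]
        if reasons:
            findings.append({"port": port, "pid": pid, "image": image, "reasons": reasons})
    return findings

if __name__ == "__main__":
    print(triage(NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```

Port 9090 is used by plenty of legitimate software, so a "port" hit on its own is only a prompt to look at the owning process; the image-name match is the stronger signal.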
Schmugar said this version of Koobface includes a bot-like component that could install other malicious apps at a later time.
Facebook's Schnitt said, "Only a very small percentage of Facebook users have been affected and we're working quickly to update our security systems to minimize any further impact, including resetting passwords on infected accounts, removing the spam messages, and coordinating with third parties to remove redirects to malicious content elsewhere on the Web."
Facebook has posted instructions on how to remove the infection.
McAfee's Schmugar said this attack is similar to e-mail attacks 10 years ago in that Koobface is using infected friends lists, reminiscent of early mass-mailing worms. As was the recommendation then, he advises users not to open any unexpected e-mail attachments, even if they are from someone they know.
What if your desktop security application could detect and remove a new threat that was only minutes old? That's the impetus behind McAfee Artemis Technology, announced on Monday.
Artemis, which McAfee plans to market within its 2009 consumer products as "Active Protection," is not focused on hourly updates, or even 15-minute updates, as rival Symantec has. It means instant detection, said Dave Marcus, director of security research and communications for McAfee Avert Labs.
McAfee's use of Artemis is similar to Trend Micro's use of cloud-based computing to analyze and produce new signature files within 15 minutes, in that software on the desktop passes suspicious files to a larger, remote database. McAfee's Marcus told CNET News that the difference is that McAfee plans to use a desktop communication channel already built into the product, so existing users won't need to download new software.
The file database maintained at McAfee Avert is much larger than what's possible on the desktop. Marcus said it's responsive to minute-by-minute changes in the threat landscape. The new technology opens a doorway to the larger database.
When asked if Artemis is a listening agent, one that reports desktop activity back to McAfee, Marcus dismissed the idea. He said that whenever the McAfee software finds something suspicious and not in its signature database, it'll ping the larger database back at McAfee Avert Labs to get the signature needed. The files sent back and forth are minuscule, he added.
Marcus confirmed that McAfee would continue to send down daily signature files, but, in the heat of the moment, if a new malware sample is received by a McAfee-protected computer, it'll have instant protection from the vast database back at the company headquarters.






