Today, McAfee Labs released its Threats Report: Fourth Quarter 2011, revealing that new malware samples exceeded the company’s estimate of 75 million for the year. This was solely driven by growth in mobile malware, as growth in PC-based malware was actually down significantly from one year ago. With respect to web threats, the number of malicious websites found daily in the fourth quarter jumped dramatically, up more than 40 per cent from the previous quarter. Data breaches are on the rise, while spam, although at its lowest level in years, is becoming more sophisticated.
McAfee Q4 Threats Report Shows Malware Surpassed 75 Million Samples in 2011
Malicious Sites Nearly Double, while Mobile Malware Continues to Grow
SANTA CLARA, Calif. – Feb. 21, 2012 – McAfee today released the McAfee Threats Report: Fourth Quarter 2011, revealing that malware surpassed the company’s estimate of 75 million unique malware samples last year.
Although the release of new malware slowed in Q4, mobile malware continued to increase and recorded its busiest year to date.
“The threat landscape continued to evolve in 2011, and we saw a significant shift in motivation for cyber attacks,” said Vincent Weafer, senior vice president of McAfee Labs. “Increasingly, we’ve seen that no organization, platform or device is immune to the increasingly sophisticated and targeted threats. On a global basis, we are conducting more of our personal and business transactions through mobile devices, and this is creating new security risks and challenges in how we safeguard our commercial and personal data.”
The overall growth of PC-based malware actually declined throughout Q4 2011, and is significantly lower than Q4 2010. The cumulative number of unique malware samples in the collection still exceeds the 75 million mark. In total, both 2011 and the fourth quarter were by far the busiest periods for mobile malware that McAfee has seen yet, with Android firmly fixed as the largest target for writers of mobile malware.
Contributing to the rise in malware were rootkits, or stealth malware. Though rootkits are some of the most sophisticated classifications of malware, designed to evade detection and “live” on a system for a prolonged period, they showed a slight decline in Q4. Fake AV dropped considerably from Q3, while AutoRun and password-stealing Trojan malware show modest declines. In a sharp contrast to Q2 2011, Mac OS malware has remained at very low levels the last two quarters.
In the third quarter McAfee Labs recorded an average of 6,500 new bad sites per day; this figure shot up to 9,300 sites in Q4. Approximately one in every 400 URLs were malicious on average, and at their highest levels, approximately one in every 200 URLs were malicious. This brings the total of active malicious URLs to more than 700,000.
The vast majority of new malicious sites are located in the United States, followed by the Netherlands, Canada, South Korea and Germany.
Overall, North America housed the largest amount of servers hosting malicious content, at more than 73 percent, followed by Europe-Middle East at more than 17 percent and Asia Pacific at 7 percent.
At the end of 2011, global spam reached its lowest point in years, particularly in the United Kingdom, Brazil, Argentina and South Korea.
Despite the drop in global levels, McAfee Labs found that the present spearphishing and spam are highly sophisticated.
Overall botnet growth rebounded in November and December after falling since August, with Brazil, Columbia, India, Spain and the United States all seeing significant increases. Germany, Indonesia and Russia declined. Of the botnets, Cutwail continues to reign supreme, while Lethic has been on a steady decline since last quarter. Grum made a significant comeback after a long decline, surpassing Bobax and Lethic by the end of Q4.
The number of reports of data breaches via hacking, malware, fraud and insiders more than doubled since 2009, according to privacyrights.org, with more than 40 breaches publicly reported this quarter alone. The leading network threat this quarter came via vulnerabilities in Microsoft Windows remote procedure calls. This was followed closely by SQL injection and cross-site scripting attacks. These remote attacks can be launched at selected targets around the globe.
To access McAfee’s Threats Report: Fourth Quarter 2011, please visit http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2011.pdf.
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security.
McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com
McAfee Canada is headquartered in Markham, Ontario, with regional offices across Canada. The company’s Consumer Software Research and Development facility in based in Waterloo, Ontario.