Blue Coat Systems, the provider of web security and speed optimization solutions, released a mid-year web security report earlier this month, which, among other things, examined the current state of malware ecosystems, and detailed the growing size and reach of malware delivery networks.
Malware and malicious software have been around for years, but malware networks are becoming increasingly dynamic and continue to wreak havoc on search engines, email, and everything in between. No, my computer has not been infected by visiting this site, and, no, I will not download your antivirus software, Malware bot.
Larger malware networks have begun swallowing smaller malware entities, and they’re now serving up their web landmines at astonishing rates. Apple even seems to have reached the tipping point, with enough market share that malware networks have begun targeting Apple OSes. It’s not quite the “explosion of malware on Macs” many forecasted, but it’s still a much larger problem than it was a year ago. And it’s not just desktops and laptops that are affected, malware has gone mobile, too. Android appears to becoming more vulnerable, as security firm, Kaspersky Lab, identified 70 different malware on Google’s mobile OS in March.
Hide yo wife, hide yo kids, etc.
Building on top of Blue Coat’s midyear report by Chris Larsen, a senior malware researcher, the team put together a nifty little infographic detailing the shape and heft of the malware ecosystem and what areas in particular pose the biggest threats. Larsen told me that, as one might expect, if you’re a malware provider, you want to be where the crowds are, setting your traps in the most highly trafficked areas of the Web.
He also said that the most common form of malware is the invitation to download fake antivirus software, but there’s also the age-old “Take this survey!” malware, and or the one that comes disguised as a PDF or office document file. And users can be infected by malware or spam without even downloading a file, Larsen says, as a form of drive-by downloading makes it possible to ply your browser for vulnerabilities and dive in when they see the opportunity.
According to Larsen and team’s research, search engines have become breeding grounds for malware. And though Google does a good job of identifying poisonous text links, image search is currently “the most dangerous activity” one can engage in on the Web. Part of the problem is that the design of Google’s image search is such that you may be clicking on an image cached by Google that is coming from one of a malware network’s many phony websites. You’ve already clicked through to the image before you know you’re cooked.
Malware networks don’t traditionally come with names, as one might expect, but Larsen said that the security industry has now been tracking the biggest malware offenders for long enough that they’ve been able to identify trends. Traditionally, he said, malware has been identified by particular attacks (and named accordingly), but the reality, he said, is that some networks have grown so large that they have their hands in many different scams at once.
They might be gaming you on Twitter, offering you fake antivirus software in a Google image search, and trying to sneak into Apple OS X through the backdoor all at the same time. Blue Coat has begun employing a naming system for the top malware networks, using plays on mythical tricksters to give these malicious networks an identifier.
And they need names, because these networks are fast, and they’re slippery. The average number of unique host names per day for the top 10 malware delivery networks is 4,107, and an average of over 40,000 users make unwitting requests to malware networks each day. With the highly covered attacks Lulzsec and Anonymous have made in recent months using DDoS attacks and simple SQL injections, the vulnerability not only of the average web user to malware, Trojans, and viruses, but high profile networks and websites has been pushed to the fore as well.
It should be noted that we need to be careful of taking an alarmist stance (just when you thought it was safe to back in the water!); we don’t exactly need one more thing to worry about in our daily web activities, but it is important to be aware of the areas of the Web that malware networks are targeting as entry points. Many of us have had our own Facebook or Twitter accounts hijacked by link-disseminating malware — or at least know someone who has. Shoppybag anyone?
What’s more, Symantec released its own intelligence report today that this new form of rapidly changing malware is leading to a rise in sophisticated, socially-engineered attacks. In terms of spam, the report found that the global ratio of spam in email traffic rose to 77.8 percent, an increase of 4.9 percentage from last month.
Symantec also found that an average of 6,797 Web sites each day harbor malware and other malicious programs, an increase of 25 percent from last month.
For more, check out the infographic below:
Excerpt image courtesy of MaximumPC.