Blue Coat Systems, the provider of web security and speed optimization solutions, released a mid-year web security report earlier this month, which, among other things, examined the current state of malware ecosystems, and detailed the growing size and reach of malware delivery networks.
The data in the report is derived from the Blue Coat WebPulse collaborative cloud defense and analyzed by the Blue Coat Security Labs. WebPulse unites over 75 million users in a real-time web defense and provides a comprehensive view into Web ecosystems by rating and analyzing nearly 3 billion real-time URL requests per week. With its view into the Web, WebPulse can correlate dynamic lures with delivery paths and dynamic payloads to provide real-time protection against new and emerging threats.
After analyzing the dynamic and interrelated nature of Web-based malware ecosystems, the 2011 Mid-Year Web Security Report concludes that:
- Malware hosting is often found within categories, such as Online Storage and Software Downloads, that companies typically allow in acceptable use policies.
- Businesses should consistently block Pornography, Placeholders, Phishing, Hacking, Online Games and Illegal/Questionable categories to follow best practices for Web security.
- Searching for images and pirated media ranks at the top of the list for possible malware delivery, and users engaging in these activities are especially vulnerable.
- A single defense layer, such as a firewall or anti-virus software, is insufficient to protect against the dynamic nature of malware and the extensive infrastructure of malware delivery networks. Instead, businesses need the real-time protection and intelligence that a cloud-based Web defense can deliver as it quickly expands and adapts to new threats.
- The average number of unique host names per day for the top 10 malware delivery networks is 4,107, and an average of over 40,000 users make unwitting requests to malware networks each day.
With the widely covered attacks that Lulzsec and Anonymous have carried out in recent months using DDoS attacks and simple SQL injections, the vulnerability not only of the average web user to malware, Trojans, and viruses, but also of high-profile networks and websites, has been pushed to the fore.
The full report is available for download here.
Symantec also released its own intelligence report today, stating that a new form of rapidly changing malware is leading to a rise in sophisticated, socially engineered attacks. In terms of spam, the report found that the global ratio of spam in email traffic rose to 77.8%, an increase of 4.9 percentage points from last month.
Symantec also found that an average of 6,797 Web sites each day harbor malware and other malicious programs, an increase of 25% from last month.
The report also shows that the malware is frequently contained inside an executable within the attached ZIP archive file, and often disguised as a PDF file or an office.
Further analysis also reveals that phishing attacks have been seeking various means to exploit vulnerable cell phone users. Symantec has also identified phishing sites spoofing such Web pages and has been monitoring the trend.
Other report highlights:
- Spam: In July 2011, the global ratio of spam in email traffic rose to 77.8% (one in 1.29 emails), an increase of 4.9 percentage points compared with June 2011.
- Phishing: In July, phishing email activity increased by 0.01 percentage points since June 2011; one in 319.3 emails (0.313%) comprised some form of phishing attack.
- Email-borne Threats: The global ratio of email-borne viruses in email traffic was one in 280.9 emails (0.333%) in July, an increase of 0.01 percentage points since June 2011.
- Web-based Malware Threats: In July, Symantec Intelligence identified an average of 6,797 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 25.5% since June 2011.
- Endpoint Threats: The most frequently blocked malware for the last month was W32.Ramnit!html. This is a generic detection for .HTML files infected by W32.Ramnit, a worm that spreads through removable drives and by infecting executable files. The worm spreads by encrypting and then appending itself to files with .DLL, .EXE and .HTM extensions. Variants of the Ramnit worm accounted for 17.3% of all malicious software blocked by endpoint protection technology in July.