Web-based attacks are continuing to become a popular method for spreading malware, creating zombie computers and
harvesting account credentials, according to two new security reports. The spam that lures victims to malicious websites is also increasing, helping fuel the trend.
Attackers are setting up more than 3,000 new malicious websites every day, according to Symantec Corp.'s MessageLabs October 2009 Intelligence Report. The sites, which spread malware and scareware antivirus programs, increased more than 32% over September.
The MessageLabs report found that new malware is accounting for 37.6% of all Web-based malware intercepted by the security vendor in October, an increase of 4.1% since September.
Meanwhile, McAfee Inc., which released its quarterly analysis, detected a new wave of file-sharing sites fueling an increase in Web-based attacks. The sites may be a result of the clampdown on The Pirate Bay torrent site following the prosecution of its founders in Sweden, according to McAfee. While the sites appear to contain pirated material, McAfee researchers said many of the files contain malware and malicious software downloaders.
In addition the McAfee report found spam and malware levels at an all-time high. McAfee said spam in the third quarter reached its highest level in history, breaking the previous record set in the second quarter of 2009 by 10%. It now comprises 92% of all email.
Spammers employed successful social engineering tricks in the third quarter, using the names of prominent government agencies to lure users to click on a malicious link leading to attack websites. Spam messages using the Internal Revenue Service (IRS) warning of a misreported income tax filing and more recently the Federal Deposit Insurance Corporation (FDIC) warning people that their bank is on a list of failed banks, are tricking users into visiting attack sites, McAfee said.
Much of the spam can be attributed to the Cutwail botnet, which has rebounded since its command-and-control servers were disrupted by the Federal Trade Commission's shutdown of rogue ISP 3FN.net.
The Koobface worm continued to spread in the third quarter, tricking victims into downloading malware and spyware to their PCs via social networking sites like Facebook, MySpace and Twitter. Koobface spreads using victim friend lists, making it behave as a worm, McAfee said. Although the number of Koobface attacks was down slightly from the previous quarter, McAfee warned users of social networks to remain vigilant.
In addition, McAfee found the rogue antivirus business continuing to grow quarter after quarter. The scareware antivirus programs are spreading via poisoned search engine results.
"Given the black-hat search-engine optimization (SEO) tactics that infect those searching for the latest malware data as well as the rapid rise in the rogue anti-virus business, one wonders how much fear permeates the security community," McAfee said. "In addition, plain old malicious websites continue to thrive. Even with the cooperation of the Internet community to combat them, there are many opportunities for malware authors to exploit."