Search engines top vehicle for malware
Nearly 40 percent of malware incidents triggered by Internet searches
Nearly 40 percent of all malware incidents originated via Internet search sites. According to Blue Host, malware delivery networks "are typically hosted across multiple sites and are responsible for launching dynamic attacks on unsuspecting users."
"Web-based malware has become so dynamic that it is nearly impossible to protect every user from every new attack with traditional defenses," Steve Daheb, chief marketing officer and senior vice president at Blue Coat Systems, said in a statement accompanying the report.
Here are the top five:
39.2% -- Search engines/portals
10.5% -- Unrated
6.9% -- Email
6.7% -- Pornography
5.2% -- Social networking
Interestingly, given the huge growth of Facebook, Twitter and others, social networking accounts for a relatively small percentage of malware delivery.
Buried nugget of golden data: Blue Host's report notes "spikes of up to 110,000 new pornography sites in a single day." Those are in addition to the already existing sites. Good thing someone's doing something about the severe porn shortage across the web!
Blue Host sums up the current state of Internet malware thus:
The majority of web threats are now delivered from trusted and popular web sites that have been hacked for use by cybercrime. For this reason, reputation defenses become less effective. The once obscure link farm for search engine poisoning now resides within popular web sites. The exception for link farms is now a rogue domain or remote web location. Phishing attacks overwhelmingly come from popular and trusted web sites hacked by cybercrime. The recent large-scale accumulation of user identities and email IDs by cybercrime only raises the concern for phishing attacks and Advanced Persistent Threats (APTs) that target specific organizations and users.
The leading malware delivery network in the first half of this year was Shnakule, which on average had 2,000 unique host names per day and served up "drive-by downloads, fake anti-virus (AV), fake codecs, fake flash updates, fake warez, fake Firefox updates, and botnet / CnC controls," Blue Host reported.
Shnakule also hosted more traditional Internet scam activities such as "pornography, gambling, pharmaceuticals, link farming, and work-at-home scams," the security vendor said.