December 07, 2010, 3:06 PM — Symantec's MessageLabs has released its annual security report, and it's not pretty. Not only does the MessageLabs Intelligence: 2010 Annual Security Report reveal concerning malware trends for 2010, but the sneak peek at what 2011 might hold isn't very comforting either.
Like the recent report from McAfee, the MessageLabs security report finds that new malware was detected at an alarming rate in 2010. The MessageLabs press release explains, "In 2010, there were more than 339,600 different malware strains identified in malicious emails blocked, representing over a hundred-fold increase since 2009. This massive increase is largely due to the growth in polymorphic malware variants, typically generated from toolkits that allow a new version of the code to be generated quickly and easily."
Two of the findings in the MessageLabs report are indicators of an overall trend in malware. First, as businesses and consumers continue to migrate to the cloud, and as users spend more time online--whether from a desktop or laptop PC, or from a tablet or smartphone--the Web is emerging as a primary platform for attacks.
The MessageLabs report clarifies, "For 2010, the average number of new malicious Web sites blocked each day rose to 3,066 compared to 2,465 for 2009, an increase of 24.3%. MessageLabs Intelligence identified malicious web threats on 42,926 distinct domains, the majority of which were compromised legitimate domains."
MessageLabs also identifies disturbing trends with botnets. Botnets are pervasive, versatile, and resilient, and they allow compromised PCs to be used to execute a variety of malicious tasks from spam distribution to distributed denial-of-service (DDoS) attacks.
As nefarious as botnets are today, MessageLabs predicts that they could have some new tricks in 2011. "It is predicted that in 2011 botnet controllers will resort to employing steganography techniques to control their computers. This means hiding their commands in plain view--perhaps within images or music files distributed through file sharing or social networking web sites. This approach will allow criminals to surreptitiously issue instructions to their botnets without relying on an ISP to host their infrastructure thus minimizing the chances of discovery."