LinkedIn attack comprised over 31% of all spam

Enterprise users experienced an average of 133 Web malware encounters per month, peaking at over 140 during the month of August, according to Cisco.

Approximately 10% of Web malware was encountered via search engine traffic and/or services. During 3Q10, 7% of all Web malware encounters resulted from Google referrers, followed by Yahoo at 2%.

The report also shows that during the largest LinkedIn spoofing attack in mid-September, the malicious LinkedIn email comprised a significant 31.26% of all spam for that period.

“It is interesting to see that exploits targeting Sun Java increased from 5% of all malware encounters in July 2010 to 7% in September 2010,” comments Mary Landesman, market intelligence manager at Cisco. “However, PDF exploits targeting Adobe Reader and Acrobat actually declined over the quarter, from 3% of all Web malware blocks in July 2010 to 1% in September 2010.”

Interestingly, the report reveals that companies in the Pharmaceutical & Chemical vertical were most at risk for Web malware encounters in 3Q10, experiencing a heightened risk rating of 372%.

Other higher-risk verticals in 3Q10 included Energy & Oil (209%) and Agriculture & Mining (169%). The vertical least at risk during the quarter was Aviation & Automotive.

“We can also report that spam volumes were highest in August 2010 compared to the remainder of the quarter. The Rustock botnet was the most frequently encountered event handled by Cisco Remote Operations Services (ROS), peaking in late August.

“This botnet is believed to be one of the largest purveyors of spam and has been most predominantly affiliated with sending pharmaceutical and counterfeit watch spam, often in the form of a breaking news alert, a tactic first popularized by the Storm botnet,” adds Landesman.