Cisco’s latest global threat report reveals that Web malware increased by 139 percent in 2010 compared with the previous year. The rate of Web malware encounters peaked in October 2010, at 250 encounters per enterprise for the month.
Rustock botnet activity peaked during the first two weeks of December.
Rustock was first discovered in 2006 and installs a rootkit-enabled backdoor that most commonly has been associated with spam and scareware delivery.
Cisco’s latest threat report also shows the impact of world events on network traffic.
“When Amazon terminated service to WikiLeaks.org for violations of its terms of service, users flocked to distributed file-sharing networks, such as BitTorrent, to obtain copies of the leaked cables from the U.S. Department of State,” Landesman comments. “We noted a steady level of activity around BitTorrent through the majority of the quarter, with a sharp and prolonged increase in early December, coinciding with the termination.”
The report also revealed that spam volumes dropped considerably in 4Q10, with several key events throughout the year contributing to the decline.
Notable events include the takedowns of botnet segments related to Lethic, Waledac, Mariposa, and Zeus in the first quarter, followed by a takedown of a branch of the Pushdo botnet in August 2010. Fourth-quarter takedowns included segments of the Bredolab and Koobface botnets.
SpamIt.org, a site that facilitated spam-related affiliate revenue, was also shut down in the fourth quarter. The site’s closure had a profound impact on pharma-related spam, which until then had been the highest overall category of spam.
Although spam volumes dropped considerably, an email attack over the Christmas holiday period, purporting to be from the White House, allowed attackers to steal over 2GB of potentially sensitive material.
The complete report is available here.