A unique malware file is created every half-second
Sophos has released its Mid-Year 2011 Security Threat Report, which reveals that since the beginning of 2011, the company has identified an average of 150,000 malware samples every day.
This equates to a unique malware file being created every half-second, a 60 percent increase since 2010. In addition, around 19,000 malicious website addresses (URLs) are now identified daily, with 80 percent of those URLs being pages on legitimate websites that have been hacked or compromised.
High-profile hacking attacks against governments and corporations have dominated the security landscape in 2011. The result is that other security issues which could pose a greater threat to businesses, governments and consumers have received less attention.
Among the key threats identified by the report are:
- Search engine poisoning, also known as Black Hat SEO, is on the rise, threatening businesses of all sizes. Cybercriminals manipulate search results from Google, Bing and Yahoo to lure web surfers to malicious pages that place viruses, worms, Trojans or fake anti-virus software on computers. Search engine poisoning attacks are extremely effective, and account for more than 30 percent of all malware detected by Sophos’s Web Appliance (SWA).
- Fake AV. Recently, the FBI busted a cybergang that tricked nearly a million people into buying its fraudulent software. With a price point ranging from $50 to $130 the scam netted more than $72 million.
- Social media threats have sharply escalated while mass scale email-focused attacks are diminishing. Facebook users in particular are weary of the social network’s safety. As Facebook holds so much personal information on users, scam attacks have been severe in 2011. The scams include cross-site scripting, clickjacking, bogus surveys and identity theft.
- The rise of mobile banking malware. Each mobile phone developer has its own strategy for security, some more effective than others. Understand how a smartphone’s operating system can help protect you, or let malware attack.