Significant malware increase across all platforms
In Q1, PC malware reached its highest levels in four years, as well as a steep increase in malware targeting the Android platform. Mac malware was also on the rise, indicating that total malware could reach the 100 million mark within the year, according to McAfee.
“In the first quarter of 2012, we have already detected 8 million new malware samples, showing that malware authors are continuing their unrelenting development of new malware,” said Vincent Weafer, senior vice president of McAfee Labs. “The same skills and techniques that were sharpened on the PC platform are increasingly being extended to other platforms, such as mobile and Mac; and as more homes and businesses use these platforms the attacks will spread, which is why all users, no matter their platforms, should take security and online safety precautions.”
Mobile Malware Explosion
Mobile malware raced up a significant incline during Q1 2012, with 8,000 total mobile malware samples collected. This large increase was due in part to McAfee Labs’ advancements in the detection and accumulation of mobile malware samples.
Financial profit is one of the main motivators for spreading malware on the Android platform, as identified by McAfee Labs malware researcher Carlos Castillo. Nearly 7,000 Android threats have been collected and identified through the end of Q1, a more than 1200 percent increase compared with the 600 Android samples collected by the end of Q4 2011. The majority of these threats stem from third-party app markets, and are typically not found in the official Android market.
Malware increase in PCs and Macs
By the end of 2011, McAfee Labs collected more than 75 million malware samples. Q1 2012 had the largest number of PC malware detected per quarter in the last four years. This increase brought the grand total to 83 million pieces of malware samples by the end of Q1, up from 75 million samples at the end of Q4 2011. Major contributors to the total were strong increases in rootkits, a stealth form of malware, as were password stealers, which reached approximately 1 million new samples in Q1.
In Q1, email continued to be a medium used for highly targeted attacks, and nearly all targeted attacks began with a spear phish.
As the Flashback Trojan began to wreak havoc among Apple Mac users in March, Mac malware had already been growing at a consistent rate. Despite the growth, Mac malware is still significantly less prevalent than PC malware, with approximately 250 new Mac malware samples, and approximately 150 new Mac fake anti-virus malware samples in Q1.
Spam low, botnets high
Global spam levels dropped to slightly more than 1 trillion monthly spam messages by the end of March. Decreases were most significant in Brazil, Indonesia, and Russia, while increases in spam were found in China, Germany, Poland, Spain, and the United Kingdom.
Botnet growth increased in Q1, reaching nearly 5 million infections at its highest point. Columbia, Japan, Poland, Spain, and the United States were areas with the largest botnet increase, while Indonesia, Portugal, and South Korea were regions that continued to decline. The most prevalent botnet of Q1 was Cutwail, with more than 2 million new infections.
McAfee’s report depicts the price breakdown for a botnet sold on the black market. Citadel, a Zeus variant and financial botnet, will cost a cybercriminal $2,399 plus $125 for “rent” of a botnet builder and administration panel, with an extra $395 for automatic updates for antivirus evasion. For Darkness, by SVAS/Noncenz, a distributed denial of service botnet, options range from $450 for a minimal package to approximately $1,000 for more advanced offerings.
United States the primary source of cyberattacks
A compromised machine is often used as a proxy for spam, botnets, denial of service, or other types of malicious activities. These machines can be located anywhere in the world, but for Q1 many were located in the United States.
Based on data collected from the McAfee Global Threat Intelligence network, the United States was the primary source of SQL-injection attacks and cross-site scripting attacks, and also had the highest number of victims of both attacks. The United States currently houses the most botnet control servers, and the location point for the vast majority of new malicious websites, with an average of 9,000 new bad sites recorded per day.