Feb 11 2010

Spam, malware proliferate in late 2009

Category: MalwareDISC @ 2:16 pm

Image by colodio via Flickr

Alejandro Martínez-Cabrera

Online security firm Websense has released a report on the cyberthreat landscape during the second half of 2009, and some of the findings are jaw dropping:

The firm, which scans millions of Web sites and e-mails a day looking for malicious content, found that 95 percent of all user-generated content came laced with some kind of spam or malicious link.

“The notion that the Internet could be the great equalizer turned out to be true after all; unfortunately, it’s mostly making suckers out of all of us,” tech Web site Ars Technica said.

Also surprising: Remember last year when the New York Times said a page on its Web site had been sending malware through its ad network? That was the most high-profile example of how criminals have managed to infiltrate trusted Web sites through a tactic known as drive-by downloading, in which a Web user picks up a virus simply by visiting an infected page. According to Websense, 71 percent of all Web sites generating malware in the second half of 2009 were infected legitimate Web sites.

Echoing what other research has found, the report said the number of infected Web sites went through the roof last year. Websense estimated there was a 225 percent growth in the number of malicious sites in 2009 compared with the year before.

The problem declined slightly in the second half of the year, with the decrease attributed to criminals moving away from attacks on traditional Web sites and attempting to exploit social-networking sites.

Websense also found that 85.8 percent of all e-mails sent in the second half of 2009 were spam.

More surprising is that 81 percent of all e-mail sent during the same period had some kind of malicious link. That means there was a 4-in-5 chance that a link pasted into an e-mail would lead you to download an infected file or take you to an infected Web site. (You usually don’t see all of the junk mail because it’s often filtered by your e-mail provider, browser or antivirus software.)

Finally, Websense found that in the second half of 2009, it took security vendors an average 46 hours – almost two days – to repair damage by malware after it had been identified (compared with 22 hours in the first half of 2009).

“The idea that computer users are not protected for days at a time, or even weeks or a month, may be compared with leaving your laptop in a public space for three weeks and hoping it won’t be used or abused,” the report said.

On Feb 1oth this article appeared on page D1 of the SF Chronicle

Tags: Antivirus software, E-mail, Malware, New York Times, Social network service, Spam, User-generated content, websense