A report by Panda Security found that 20 million new malware strains have been created this year, including more than a third of all active malicious programs.
Malware authors have been very busy this year.
How busy? According to Panda Security, 20 million new strains of malware
have already been created this year-the same total as in all of 2009. The
shortened lifespan of the malware combined with the increased number of
variants demonstrates a shift in the cyber-crime landscape, where many
variants are now being created
to infect a small number of
systems before they disappear, the vendor said.
"Since 2003, new threats
at a rate of 100 percent or more," said Luis Corrons,
technical director of PandaLabs, the company's research arm, in a
statement. "Yet so far in 2010, purely new malware has increased by only
50 percent, significantly less than the historical norm.
"This doesn't mean that there are fewer threats or that the cyber-crime
market is shrinking," he said. "On the contrary, it continues to
expand, and by the end of 2010 we will have logged more new threats in
Collective Intelligence than in 2009. It seems hackers are applying economies
of scale, reusing old malicious code or prioritizing the distribution of
existing threats over the creation of new ones."
The average number of new threats created each day has reached 63,000 to
date, the company said, a figure roughly the same as what was reported
in recent research
Panda also found however that the average lifespan of 54 percent of malware
has been cut to just 24 hours. Thirty-four percent of all active malware
threats were created this year, the company said.
Some of those threats are undoubtedly infecting users via malicious Websites
promoted through black hat search engine optimization (SEO) efforts. A
report by CyberDefender Research Labs noted keyword combinations such as "Thanksgiving
Lunch Invitations," "Thanksgiving Invitation Template" and "Thanksgiving
Printable Invitations" were drawing malicious results.
Out of 50 search results for each of the three terms, roughly 20 directed
users to infected URLs, the firm said. Waiting for the user is a fake antivirus
scan page that tells the person they need an immediate scan of their PC,
followed by a prompt to download malware.
"SEO attackers most likely to target holiday shopping keywords are
those that push fake/rogue antivirus software aka scareware," said Sean
Sullivan, security adviser for F-Secure. "Typically these types of
attackers react to trending topics such as celebrity deaths and other
newsworthy events. The holiday season and shopping-related searches offer these
attackers a proactive set of topics to focus on. They know in advance what the
likely trending topics will be."