Biggest Threats: Unpatched Software

Malware targeting Microsoft, Adobe and Java applications continued to be the biggest threats. Cyber-attackers weren’t going after 0-days, as it was easier and just as lucrative to target unpatched programs using known (and fixed) vulnerabilities.

Grandparents aren’t the only ones on Facebook. The criminals are, too. The number of Facebook-based scams soared and continue to be a serious threat, tricking users to click on titillating videos or applications. Facebook wasn’t the only social networking site under attack; LinkedIn spam also increased.

Attackers are increasingly sending emails in combined attacks, such as spear phishing with HTML or PDF attachments that exploit unpatched software. Other types of malicious spam rely on good old social engineering to get users to hand over sensitive data.

The efforts of Microsoft, the Justice Department and other security companies to shut down Rustock and Coreflood seem to be paying off, as global spam volumes seem to be down. While the amount of malicious spam hasn’t changed, the overall spam volume is much less than it used to be.

While Zeus may be one of the most well-known attack kits, it’s not the most commonly used. That distinction goes to Neosploit, which dominated in the first half of 2011, followed by Phoenix and Blackhole.

Attackers increasingly monetized their scams using fake antivirus software. Users were tricked into downloading malware, usually fake antivirus software, which couldn’t be removed until they handed over their credit card details.

Underground antivirus development and testing tools also have proliferated. Now malware developers could, for a small fee, check to see whether current antivirus programs from security vendors would be able to detect their malicious code.

More and more Web attacks are relying on malvertisements and other dynamic links to compromise legitimate Websites. Attackers don’t need to hack into major Websites if they can inject malicious code into a URL or into an ad that links to the site.

Why increase costs when there are so many free or low-cost options available? Cyber-criminals increasingly registered free .co, .cc and similar Internet domains for their attack sites, used free hosting services and relied on free online storage services to host malware files.

While various vendors differed on the exact order, everyone agreed that the U.S. hosted the most malware. The other countries in the top five were China, Germany, the United Kingdom and the Russian Federation.