Tuesday Most Active Day for Malware Distributors, Says SonicWALL

SonicWALL researchers analyzed the malware and threat landscape of 2010 and found several global trends, including the intriguing finding that Tuesday is typically the most threat-heavy day of the week.

After analyzing the malware and online threats of 2010, SonicWALL security researchers said they found that Tuesday was the most threat-heavy day of the week.

Monday was a close second for threat-related traffic, Ed Cohen, Sonic Wall's vice-president of e-mail security, told eWEEK. It wasn't clear from the analysis why malware activity was the highest on Tuesdays, but Cohen speculated a connection with Microsoft's Patch Tuesday announcements.

SonicWALL researchers noticed this pattern for China, India, Mexico, South Africa, Taiwan, Turkey, the United States, and several European countries, Cohen said.

The end-of-year cyber-security summary is based on an analysis of data collected by the SonicWALL Global Response Intelligent Defense Network during 2010, said Cohen. The data, collected by "millions" of SonicWALL anti-spam and e-mail security sensors, is broken out geographically and includes information of more than 30 countries, the company said.

The researchers also found that the most active time for threat-related traffic in the U.S. was between 10 a.m. and 11 a.m. Pacific time, said Cohen. He said this coincided with the West Coast getting started with the workday and the East Coast just returning from lunch.

Interestingly, the researchers found that malware has a seasonal component, with certain types being more prevalent during specific times of the year, said Cohen. According to the analysis, Trojans tend to peak in September and December, corresponding with the proliferation of back-to-school offers and holiday greeting cards. However while worms spike in December just in time for the holidays. As expected, adware threats peak over September, October, and December, as online advertisers serve up more ads during the holiday season.

However, there was also a "second wave" of threats, as attackers send follow-up scams in January, when bills come due, said Cohen.

Malware activity was high during the 2010 holiday season and the researchers expect distribution levels twice what was seen in 2009 and 2008, said SonicWALL. The top three threats were Trojans, video-based malware and PDF-based exploits.

The amount of malware for the whole year 2010 tripled, compared to 2009, as well, said SonicWALL. Along with PDF-exploits, Java-based exploits were very common during the year, said Cohen. He expects a rise in mobile malware, as he saw several proof-of-concept attacks, such as one for the iPhone. The other top threats for the year included the Conficker worm, Zeus Trojan, FakeAV scams, and Web exploits kits such as Gumbla and Phoenix.

Phishing fraud continues to be a serious problem, SonicWALL said. In fact, most of the threats the researchers found in 2010 were not "brand-new" types of malware, nor were they "super-intelligent," said Cohen. The number of e-mails soliciting people to go to bogus Web sites have increased, but still fell under the category of "traditional" phish and spam attacks, he said.

Even though China has often been cited as one of the countries responsible for sending out malware and spam, SonicWALL researchers found that China and Taiwan were now the most heavily hit by threats, Cohen said. Taiwan topped the list as the country most heavily hit with malware, while China was the country most heavily hit with intrusion related and multimedia threats, according to the research analysis.

In an analysis of poisoned Google search terms, the researchers found that terms related to the Oscar awards were the most common, such as "what time do the Oscars start," "Oscars winners 2010 list" and "academy awards 2010 time," said Cohen.

"These findings serve as a tool to give IT insight into how best to prepare their networks for the upcoming year," said Boris Yanovsky, vice-president of software engineering at SonicWALL.