Looking at computer threats from quarter to quarter remains a busy experience for us at McAfee Labs. Through the first three quarters of the year we have analyzed and cataloged more threats than in all other years combined, and the growth in both volume and sophistication of malware and attacks shows no signs of slowing.
This quarter we have seen quite a bit of activity from old nemeses such as Koobface, fake anti-virus software, password-stealing Trojans, and AutoRun (a.k.a. USB-based) malware. In our current review, McAfee Threats Report: Third Quarter 2010, we look at the top malware threats around the globe. We observed significant development in one of the most dangerous threats we face: the Zeus robot network. Threats to mobile devices are attracting more attention, and we now see the Zeus bot is also riding the mobile wave. In many ways these new threats will mirror many of the established threats as they make their way to new platforms—because the human element, with its constant susceptibility to social engineering, remains the same.
Spam volumes are still quite high, and the geographical and subject breakdown by region is as fascinating as always this quarter. We also look globally at botnets.
We saw growth in the number of malicious websites and continued abuse of search-engine results. SQL-injection attacks allowed China to reclaim the dubious honor of Number 1 source. Search engine and term abuse continues to mirror the news of the day, and we saw many developments in the areas of cybercrime and hacktivism—specifically in stolen identities and cybercrime toolkits.
However, all these attack vectors take a backseat to the quarter’s most significant threat: Stuxnet. This advanced worm took center stage amid rumors of government conspiracies and cyberwarfare.
When we look back, this year might well become known as the Year of the Targeted Attack, due to narrowly aimed malware such as Stuxnet and Operation Aurora. In the mean time, join us to learn what the threat landscape in the third quarter held for us.