Wednesday, May 6, 2009

McAfee highlights bots and Spam in Q1 Report

| Brett D. Arion |
McAfee’s latest Threat Report which covers the first quarter of 2009, highlights a fifty percent growth in bots, and confirms the increase of Spam levels as Spammers recover from the loss of McColo. In addition, the report kick-starts what will be a growing trend, a full on backlash against Conficker.

McAfee launches their recent report with the discovery of 12 million new IP addresses operating online as part of a botnet. The bots can be used to send Spam, which most of them are, but they can also be used to spread Malware and to launch attacks. The existence of bots or their growth is nothing new to the security sector, but the fact there was such a growth, fifty percent according to McAfee, means that end user systems are still under patched and over exposed.

Of the IP addresses observed as a bot, 18 percent of them were in the U.S. and 13 percent were in China. For the first time, Australia makes the list, rounding out the top three with six percent. Since most of the bots observed were sending Spam, McAfee said that this is a clear example of the criminals recovering from the loss of McColo. Recent reports from IBM confirm this trend, especially when it comes from image-based Spam.

“…spam volumes have already recovered about 70 percent since McColo Corp. went offline. Compared with the same quarter a year ago, spam volumes are 20 percent lower in 2009 and 30 percent below the third quarter of 2008, which had the highest quarterly volumes recorded to date,” a company statement said.

On the Malware related side of things, Koobface was the popular Malware for the quarter, with 800 new variants discovered alone in March. Also noted was the growth in legit websites being used to host Malware. Most of those sites, where the reputation is a factor and one the criminals hope to exploit, were located in the U.S., with China and Germany falling in second and third place respectively.

Lastly, McAfee looks to start a trend among the larger security vendors, by pointing out that Conficker earned the most news coverage, but only accounted for a small portion of the actual threat landscape online. According to McAfee’s numbers, AutoRun related Malware, which is used by some of the variants of Conficker, only accounted for ten percent of detections in Q1.

McAfee’s full report is online here.

Reblog this post [with Zemanta]

Free Security Magazines