Feeds

Spam crashes to historic low as malware explodes on mobiles

Android Trojans soar, Mac viruses fall off a cliff

SANS - Survey on application security programs

The volume of malware samples detected by McAfee passed the 75 million milestone late last year, the Intel-owned security firm reported this week.

Although the release of new malware slowed in Q4 2011, mobile malware continued to increase albeit from a low base. Android was by far the most targeted platform with 400 new strains appearing in just that quarter, compared to a cumulative total of little over 100 prior to the last three months of 2011. For comparison, there were four million new strains of Windows malware in Q4 2011, compared to 6m in Q2 2011.

Scareware volumes dropped considerably between Q3 and Q4 2011, while AutoRun and password-stealing Trojan malware each showed modest declines over the same period. Mac-specific malware, which spiked in Q2 2011, dropped off in the last two quarters of last year. In June 2011, more than 250 new samples were detected but this figure trailed off to less than 50 in Q4 2011. Almost all the June samples were designed to power fake anti-virus for Mac scams.

McAfee advises Mac fans to not discount security threats, despite the decline.

"Mac malware had a big spike in the second quarter but has remained quiet since then. As always, comparing overall malware growth for the Mac with that for PCs makes the Mac threat look rather tame, but it’s always wise to protect your system, even if it’s a MacBook Air."

McAfee Labs recorded an average of 9,300 new bad websites per day in Q4, up from 6,500 in the previous quarter. The vast majority of new malicious sites were hosted in the US, followed by the Netherlands, Canada, South Korea and Germany.

While the malware outlook remains bleak there was much better news on the junk mail front. Global spam reached its lowest point in years at the end of last year, according to McAfee. Somewhere around 1 trillion spam messages were dispatched per day in December 2011, compared to 2 trillion in May 2011. The volume of legitimate email hovered at between 450 and 500 billion messages a day during 2011. Although that put spam volumes at more than 70 per cent the figure is much improved from the dark days of the Naughties when spam volumes routinely exceeded 90 per cent.

McAfee doesn't comment on the reasons for the decline but other observers credit the dismantling of various pharma spam operations and botnet takedowns for lower volumes of junk mail.

Instead of merely coping with the sheer volumes of junk email hitting servers, the latest challenge is countering targeted attacks. "Despite the drop in global levels, spear-phishing and spam are as dangerous as ever," McAfee concludes. McAfee’s third-quarter threat report can be found here [PDF]. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.