| A leading provider of Web security and WAN optimization solutions released its 2011 Mid-Year Web Security Report, which examines Web-based malware ecosystems, including the 10 largest malware delivery networks. These malware delivery networks are typically hosted across multiple sites and are responsible for launching dynamic attacks on unsuspecting users. The report examines the interactions of Web-based malware ecosystems, including user behavior, hosting sites and delivery networks. “Web-based malware has become so dynamic that it is nearly impossible to protect every user from every new attack with traditional defenses,” said Nigel Hawthorn. For the first half of 2011, Shnakulewas the leading malware delivery network, both by size and effectiveness. On average during that period, this network had 2,000 unique host names per day with a peak of more than 4,300 per day. It also proved the most adept at luring users in, with an average of more than 21,000 requests and as many as 51,000 requests in a single day. Shnakule is a broad-based malware delivery network whose malicious activities include drive-by downloads, fake anti-virus and codecs, fake flash and Firefox updates, fake warez, and botnet/command and controls. Interrelated activities include pornography, gambling, pharmaceuticals, link farming, and work-at-home scams.Not only is Shnakule far reaching as a standalone malware delivery network, it also contains many large component malware delivery networks. Ishabor, Kulerib, Rabricote and Albircpana, which all appear on the top 10 list of largest malware delivery networks, are actually components of Shnakule and extend its malicious activities to gambling-themed malware and suspicious link farming. The 2011 Mid-Year Web Security Report also analyzes how and where on the Internet users are brought into malware delivery networks. In the first half of 2011, search engine poisoning was the most popular malware vector. In nearly 40 percent of all malware incidents, Search Engines/Portals were the entry point into malware delivery networks. Unsurprisingly, Search Engines/Portals were also the most requested Web content during the same time period. Social Networking was the fifth most popular entry point into malware delivery networks and the third most requested content. While cybercrime typically targets users where they spend the most time, as in the case of search engines and social networking, in the first half of 2011, they also used traditional methods, such as E: and pornography. E: was the third most popular category of Web content used to drive users to a malware network although the category only ranked as the 17th most requested category. Pornography, a longtime favorite malware target, was virtually tied with E: and was the 4th most popular way to lure users to malware, although it was only the 20th most requested category. After analyzing the dynamic and interrelated nature of Web-based malware ecosystems, the 2011 Mid-Year Web Security Report concludes that: • Malware hosting is often found within categories, such as Online Storage and Software Downloads, that companies typically allow in acceptable use policies. |
||
