USB Worms And Disasters Top Threat List

McAfee’s latest quarterly threat analysis found fewer exploits than last year – but evildoers are just as inventive as ever

Fewer new threats were reported in the first quarter of this year, compared to last year, but attackers are moving with the times, according to McAfee’s latest threat report.

Security vendor McAfee received 3.75 million reports of new threats and exploits in the first quarter of 2010, compared with four million in the same period last year. However, within the threats reported, targeted attacks on companies grew, as did phishing attacks built on current events such as volcanos and earthquakes.

Fewer threats added, but nastier ones

“This is the first time we’ve seen a downtrend in new threats,” said Greg Day, director of security strategy for McAfee in EMEA. Although new malware can be easily generated by toolkits, it appears not to be growing at the same rate as before, he said.

The attacks that happen are more likely to be targetted, like the Operation Aurora event from China which hit Google and others in January, he said.

More widespread phishing attacks have used news events to hit users in vulnerable spots, he said, in particular right now, a series of social-engineering phishing emails, which purport to offer income tax rebates to UK residents.

Previous phishing scams have addressed news items such as the volcanic ash cloud and the Haiti earthquake – where phishers got four million downloads in ten days – and the launch of the iPad. Although most people are wise to them, enough still succumb to make it worth the villains’ while, said Day.

Fake AV, USB worms and spam

Another growth area is bogus security solutions, said Day: “That is the fourth most common submission we saw in the quarter. It’s a grey area, because people are downloading it and agreeing to pay money for it.” In some cases it’s software that is not fit for purpose, and sold on through third parties.

There’s an element of nostalgia in the top security threat of the quarter though, said Day. USB worms like Conficker “spread in the old style, through portable media.” This is finally going to make businesses listen to the “smarter people” who have been telling them to lock down USB drives for a long while, and at least turn off Autorun, he said. “Businesses have left this one because of the cost of user education, but now the tide is turning. We only change our behaviour when forced to do so.”

According to the report, spam email subjects vary greatly from country to country, with diploma spam [selling fake qualification certificates] on the rise out of China and other Asian countries. Other attacks included poisoned web searches, and new malicious URLs – usually hosted in the US.

One very interesting development, Day reports, is an apparent breach of the Captcha system that prevents robots abusing websites. According to a US newspaper report, an attacker managed to buy $29 million (£20m) worth of restricted tickets for Bruce Springsteen and other concerts by using a bot to buy them quicker than humans could.

For a copy of the Q1 2010 Threats Report, please visit McAfee.