Malware and social network attacks surge in '09

Malware-carrying spam and attacks via Twitter and Facebook grew dramatically in the second half of 2009, says a report (PDF) released Tuesday by security company M86 Security.

The volume of spam shot up last year to more than 200 billion messages each day, or 80 percent to 90 percent of all inbound e-mail sent to organizations, said M86. Spam carrying malware also surged in the second half of the year, hitting 3 billion each day compared with 600 million per day in the first half of 2009.

The vast majority of spam is now sent through botnets hiding on infected computers--the second half of 2009 alone saw 78 percent of all spam triggered by the top five botnets, such as Rustock and Pushdo.

As most spam is triggered by just a few select botnets, a takedown of those specific threats could have a huge impact on malware, notes M86. But since most cybercriminals are part of organized gangs, they've proved to be adept at bouncing back from attempts to take them down.

Spam messages that carry malware payloads have become more sophisticated over the past year. One example pointed out by M86 is the Virut virus, which can install virtually any type of malware on a PC by infecting executable files with .exe and .scr (screensaver) extensions.

Zero-day vulnerabilities often found in Adobe and Microsoft products also grew in the latter half of 2009. This type of malware has become particularly hazardous since it can sometimes take companies weeks or even months to patch up specific security holes in their software.

PDF files have proved especially fertile ground for cybercriminals due to the ubiquity of Adobe Reader and the ability of these files to include hyperlinks and other dynamic content within them. Almost a dozen zero-day attacks were launched throughout 2009, says M86.

Malware via social-networking sites like Facebook and Twitter also grew in volume during the second half of 2009. One example was that of venture capitalist Guy Kawasaki, whose Twitter account was hacked last June and sent out tweets with links that led to malware.

Cybercriminals have also pounced on the vulnerabilities inherent in shortened URLs, commonly used at Twitter and other social networks. Since users can't by default preview the actual page beforehand and usually trust that the link is legitimate, it's easy to direct a shortened URL to a malicious Web site that launches a malware attack.

How can people better protect themselves against the growing tide of malware? Aside from the typical advice of keeping your security software updated and not clicking on links in an e-mail, M86 recommends that people use the NoScript extension in Firefox, which limits the execution of JavaScript code and installs browser extensions that can display shortened URLs as their full addresses.

M86 said the report was compiled based on findings from its own researchers, who comb through more than 7 million different e-mail messages each day looking for specific patterns and trends in spam and malware.