McAfee: Spam down, but malware up

The volume of spam fell in the third quarter at the same time that malware hit a new high, according to McAfee's third-quarter Threats Report.

Lance Whitney
Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
2 min read

Spam hit a two-year low this past quarter, but malware is at an all-time high, according to McAfee's latest Threats Report.

Out today, the "McAfee Threats Report: Third Quarter 2010" (PDF) found that though spam is still high, it continued its overall decline from January, both globally and nationally. With the exception of Russia, Greece, Belarus, and Indonesia, all countries tracked by McAfee showed a drop in spam levels.


So much for the good news.

On the down side, malware has reached an all-time high, according to the security technology company, which identified an average of 60,000 new threats each day in the third quarter, almost quadrupling since 2007. For 2010 so far, McAfee has discovered 14 million unique pieces of malware, a million more than this time last year.


One of the more "sophisticated" threats that reared its head this year was the Zeus botnet, designed to steal information during banking transactions. Over the third quarter, Zeus expanded its scope by targeting mobile devices, specifically attempting to grab SMS messages sent to validate the transactions. McAfee also noticed a rise in e-mail campaigns launched to spread the botnet by sending out messages claiming to come from FedEx, the IRS, the U.S. Post Office, and other such parties.

Aside from Zeus, Stuxnet drew attention over the summer, initially being identified as an advanced type of worm. But further analysis done in September revealed Stuxnet as more dangerous, potentially something that could be used as a "weapon," in McAfee's words, created to sabotage power plants and cause physical damage to certain equipment.

Cutwail, another "popular" botnet, added up to 50 percent of overall traffic in every country tracked by McAfee. Launching distributed denial-of-service (DDoS) attacks, Cutwail hit more than 300 major Web sites, including government agencies such as the CIA and FBI, and businesses such as Twitter and PayPal.

Social networks continued to be a favorite target of cybercriminals in the third quarter. AutoRun malware and Koobface may have lessened their impact since earlier in the year. But McAfee warned that Koobface, which has a history of popping up again and again to target Facebook users, will likely be a threat as long as individuals and business continue to tap into social media and networking sites.

"Our Q3 Threat report shows that cybercriminals are not only becoming more savvy, but attacks are becoming increasingly more severe," Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee, said in a statement. "Cybercriminals are doing their homework, and are aware of what's popular, and what's insecure. They are attacking mobile devices and social-networking sites, so education about user activity online, as well as incorporating the proper security technologies are of utmost importance."