Malware rose by 46pc in Q1, Cisco report shows

19 May 2011

The number of unique malware types on the web increased by 46pc between January and March of this year, a new security report suggests.

Cisco’s Global Threat Report, which covers the first quarter of 2011, found 105,536 instances of unique web malware in March 2011, compared with 72,294 instances in January 2011. Business users experienced an average of 274 web malware encounters per month during Q1, up 103pc compared to 2010.

Although web malware continues to increase, Cisco said there have been far fewer large-scale compromises per attack than in previous years, but a far larger number of separate attacks. According to the report, the largest outbreak during the quarter was in March 2011 and involved a series of GIF injection attacks targeted at popular Pakistani news sites.

The second-largest attack during the same period involved website compromises designed to deliver the Hiloti Trojan. Said to be part of an ongoing series, Hiloti started in January 2011 and resumed the following month.

SQL injection attacks

The report said the Lizamoon series of SQL injection attacks, which received a lot of attention this year, was less virulent than was first believed. “Both the actual numbers of compromised websites and the live encounter rates were far fewer than had been reported,” Cisco said. Its figures show only a few thousand websites were actually compromised and live encounters were a tiny fraction of all malware encountered during Q1.

Another surprising finding in the report relates to the Rustock botnet, which was said to be one of the world’s largest sources of spam before it was taken down by the FBI and Microsoft in March. While Rustock-related activity dropped significantly in the quarter, as expected, Cisco said the sharp decline actually began weeks before the botnet was taken offline.

The report also found that web searches accounted for 9pc of malware encounters in Q1. This breaks down as, on average, 33pc from Google results pages and 4pc each from Yahoo! and Bing. Most of the malware found via search – some 58pc – was on a combination of smaller search engines or searches performed on non-search-engine websites.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years