After analyzing the malware and online threats of 2010,
SonicWALL security researchers said they found that Tuesday was the most
threat-heavy day of the week.
Monday was a close second for threat-related traffic, Ed
Cohen, Sonic Wall’s vice-president of e-mail security, told eWEEK. It wasn’t
clear from the analysis why malware activity was the highest on Tuesdays, but
Cohen speculated a connection with Microsoft’s Patch Tuesday announcements.
SonicWALL researchers noticed this pattern for China,
India, Mexico, South Africa, Taiwan, Turkey, the United States, and several
European countries, Cohen said.
The end-of-year cyber-security summary is based on an
analysis of data collected by the SonicWALL Global Response Intelligent Defense
Network during 2010, said Cohen. The data, collected by “millions” of SonicWALL
anti-spam and e-mail security sensors, is broken out geographically and includes
information of more than 30 countries, the company said.
The researchers also found that the most active time for
threat-related traffic in the U.S. was between 10 a.m. and 11 a.m. Pacific
time, said Cohen. He said this coincided with the West Coast getting started
with the workday and the East Coast just returning from lunch.
Interestingly, the researchers found that malware has a
seasonal component, with certain types being more prevalent during specific
times of the year, said Cohen. According to the analysis, Trojans tend to peak
in September and December, corresponding with the proliferation of
back-to-school offers and holiday greeting cards. However while worms spike in
December just in time for the holidays. As expected, adware threats peak over
September, October, and December, as online advertisers serve up more ads
during the holiday season.
However, there was also a “second wave” of threats, as
attackers send follow-up scams in January, when bills come due, said
Cohen.
Malware activity was high during the 2010 holiday season
and the researchers expect distribution levels twice what was seen in 2009 and
2008, said SonicWALL. The top three threats were Trojans, video-based malware
and PDF-based exploits.
The amount of malware for the whole year 2010 tripled,
compared to 2009, as well, said SonicWALL. Along with PDF-exploits, Java-based
exploits were very common during the year, said Cohen. He expects a rise in
mobile malware, as he saw several proof-of-concept attacks, such as one for the
iPhone. The other top threats for the year included the Conficker worm, Zeus
Trojan, FakeAV scams, and Web exploits kits such as Gumbla and Phoenix.
Phishing fraud continues to be a serious problem,
SonicWALL said. In fact, most of the threats the researchers found in 2010 were
not “brand-new” types of malware, nor were they “super-intelligent,” said
Cohen. The number of e-mails soliciting people to go to bogus Web sites have
increased, but still fell under the category of “traditional” phish and spam
attacks, he said.
Even though China has often been cited as one of the countries
responsible for sending out malware and spam, SonicWALL researchers found that
China and Taiwan were now the most heavily hit by threats, Cohen said. Taiwan
topped the list as the country most heavily hit with malware, while China was
the country most heavily hit with intrusion related and multimedia threats,
according to the research analysis.
In an analysis of poisoned Google search terms, the
researchers found that terms related to the Oscar awards were the most common,
such as “what time do the Oscars start,” “Oscars winners 2010 list” and “academy awards 2010 time,” said Cohen.
“These
findings serve as a tool to give IT insight into how best to prepare their
networks for the upcoming year,” said Boris Yanovsky, vice-president of
software engineering at SonicWALL.
Article source: http://www.eweek.com/c/a/Security/Tuesday-Most-Active-Day-for-Malware-Distributors-Says-SonicWALL-535925/
Category: Virus/Malware