Research

Malware Dramatically Increasing; Almost All Users Have Clicked on Malicious Links

• By Dian Schaffhauser
• 09/02/08

Web security services firm ScanSafe reported that the total number of Web-based malware blocks has increased by 87 percent in July 2008 compared to the previous month. Specifically, the first two weeks in July have shown an extraordinarily high volume of malware blocks. ScanSafe sells online security services, which scan Web requests from its customers and blocks malicious content.

The company said the increase in Web-based malware was driven by the ongoing compromise of Web sites, which represented 83 percent of all malware blocks for the month. The increase was largely the result of the continued SQL injection attacks, which were responsible for 75 percent of all malware blocks in July 2008. As a result, July has had an overwhelming number of malware blocks--34 percent more blocks than the whole of 2007.

"In June 2008 we reported a 278 percent increase for the first six months of the year. That alarming trend has continued with the number of Web-based malware blocks exploding in the first two weeks of July," said Mary Landesman, senior security researcher at ScanSafe.

July 2008 also saw an increase in social engineering e-mail scams designed to install malware--including backdoor Trojans and rogue scanners--on victims' computers. According to the report, 95 percent of ScanSafe customers fell for the scams and attempted to click through to the malicious sites. The malware scanning service blocked customers from inadvertently getting to the malicious content.

"Although this may not seem like a high percentage, it is extremely significant given that these scams are now able to get past spam filters, which typically provide a high level of protection from this type of socially engineered malware," Landesman said. "It is disconcerting that cyber criminals are becoming increasingly sophisticated in creating these scams, so much so that more and more people are falling for them."

The ScanSafe "Global Threat Report" (PDF) is based on an analysis of more than 10 billion Web requests the company scans each month on behalf of business customers in over 60 countries across five continents.