Today we released our Fourth Quarter 2011 Threat Report, revealing that malware surpassed the our estimate of 75 million unique malware samples last year. Although the release of new malware slowed a bit in Q4, mobile malware continued to increase and recorded its busiest year to date.
The overall growth of PC-based malware actually declined throughout Q4 2011, and is significantly lower than Q4 2010. The cumulative number of unique malware samples in the collection still exceeds the 75 million mark. In total, both 2011 and the fourth quarter were by far the busiest periods for mobile malware that McAfee has seen yet, with Android firmly fixed as the largest target for writers of mobile malware.
Contributing to the rise in malware were rootkits, or stealth malware. Though rootkits are some of the most sophisticated classifications of malware, designed to evade detection and “live” on a system for a prolonged period, they showed a slight decline in Q4. Fake AV dropped considerably from Q3, while AutoRun and password-stealing Trojan malware show modest declines. In a sharp contrast to Q2 2011, Mac OS malware has remained at very low levels the last two quarters.
In the third quarter McAfee Labs recorded an average of 6,500 new bad sites per day; this figure shot up to 9,300 sites in Q4. Approximately one in every 400 URLs were malicious on average, and at their highest levels, approximately one in every 200 URLs were malicious. This brings the total of active malicious URLs to more than 700,000.
The vast majority of new malicious sites are located in the United States, followed by the Netherlands, Canada, South Korea and Germany. Overall, North America housed the largest amount of servers hosting malicious content, at more than 73 percent, followed by Europe-Middle East at more than 17 percent and Asia Pacific at 7 percent.
At the end of 2011, global spam reached its lowest point in years, especially in areas such as the United Kingdom, Brazil, Argentina and South Korea. Despite the drop in global levels, McAfee Labs found that the present spearphishing and spam are highly sophisticated.
Overall botnet growth rebounded in November and December after falling since August, with Brazil, Columbia, India, Spain and the United States all seeing significant increases. Germany, Indonesia and Russia declined. Of the botnets, Cutwail continues to reign supreme, while Lethic has been on a steady decline since last quarter. Grum made a significant comeback after a long decline, surpassing Bobax and Lethic by the end of Q4.
The number of reports of data breaches via hacking, malware, fraud and insiders more than doubled since 2009, according to privacyrights.org, with more than 40 breaches publicly reported this quarter alone. The leading network threat this quarter came via vulnerabilities in Microsoft Windows remote procedure calls. This was followed closely by SQL injection and cross-site scripting attacks. These remote attacks can be launched at selected targets around the globe.