Search engine-related traffic accounted for about 8% of web malware found in the fourth quarter, mostly coming from Google at 3.84%, an average quarterly rate significantly lower than the 7% for the third quarter. In the last three months of 2010, malicious webmail accounted for only 1%.
Gumblar attacks averaged 2% during the fourth quarter, well below the peak rate of 17% recorded in March 2010. Java exploits continued to lead throughout the year, with an average of 6.5% in the last three months of 2010, four times more than exploits through malicious PDF files.
Companies in the chemical and pharmaceutical sectors (at 400%, where 100% is the average) and in energy and oil (275%) continued to be the most at risk from web malware throughout 2010. Also noteworthy on this measure are the agriculture and mining, education, and food and beverage sectors. At the other extreme are the IT and telecommunications, aviation and automotive, and professional services sectors, with rates significantly below 100%.
Botnet-related activity was present in almost every case during the fourth quarter of 2010, from intellectual property theft to spam and denial-of-service attacks. Some botnets, such as Gbot, grew and shrank, while others, such as Rustock, maintained a continuous and dominant presence. Cisco also identified an upward trend in Gbot's activity during the same period, when it had a greater presence. Rustock also recorded its highest activity during the last three months of 2010.
Cisco's research also reflects the impact that global events have on network traffic, citing as an example the case of the website WikiLeaks.org. When Amazon stopped servicing it for violating the terms of use, users turned to file-sharing networks to obtain copies of the leaks published by Julian Assange's website.
Spam volumes fell sharply during the fourth quarter of 2010. Several key events contributed to this pullback, such as the disruption of botnets related to Lethic, Waledac, Mariposa and Zeus in the first quarter, followed by that of a variant of the Pushdo botnet in August 2010.
Importantly, despite the considerable reduction in the volume of spam, email attacks remained numerous. During the Christmas holiday period, a congratulatory email allegedly from the White House was forwarded to .mil and .gov addresses, infecting recipients with a variant of the Zeus Trojan.
The Cisco Global Threat Report compiles quarterly data gathered by the four key segments of Cisco Security: Intrusion Prevention System (IPS), IronPort, Remote Management Services (RMS), and ScanSafe.
Source: Networkworld.es

