The final quarter of 2011 was one of significant ups and downs in the global threat landscape. The quarter serves as a microcosm for the entire year: 2011 delivered some of the most noteworthy events we have seen to date. High-profile attacks such as Duqu and the rise of Anonymous-centric hacktivism made 2011 a truly challenging year for the security business. The increasing attention on industrial control systems combined with growing hacktivist activities could lead to turbulent times in 2012.
Looking back at the quarter, several things jumped out. Growth in almost all areas of malware and spam declined, with the exception of mobile-based malware. Mobile malware rose during the quarter and recorded its busiest year to date. Android, once again, was the clear choice for malware writers. And, although the release of new malware slowed, the total malware we’ve captured still managed to break the 75 million mark, a figure we predicted late in 2010.
Despite spam numbers dropping around the world, with many regions reaching multiyear lows, we still observed great diversity and specificity in subject lines. Scammers are adept at understanding what lures and subjects work both globally and locally. This tactic has not changed. The odd contradiction of botnet growth, however, continued this quarter. (Botnets usually send spam; growth in botnets would suggest growth in spam, yet that was not the case.) We saw a considerable worldwide jump in botnet detections, with Grum at the top of the pack.
This quarter the United States again hosted the most malicious web content, and the growth of sites with bad reputations was up in general. The number of active malicious URLs increased, and new malware sites almost doubled this quarter. The web continues to be a dangerous place for the uninformed and unprotected.
Read the full McAfee Threats Report, Fourth Quarter 2011.