7% of all Web malware encounters resulted from Google referrers
Web malware attacks peaked in August 2003 at 140, with enterprise users experiencing an average of 133 malware encounters per month in the third quarter of 2010, according to Cisco’s latest quarterly global threat report.
The Cisco 3Q10 Global Threat Report said that approximately 10% of malware was encountered via search engine traffic and/or services, and 7% of all malware encounters resulted from Google referrers, followed by Yahoo at 2%, Bing/MSN at 1% and Sina at 0.1%.
The report also stated that 79% of clicks on "Here You Have" email occurred within the first three hours of the worm’s spread, and volume of the malware reached a peak of 10% of all spam during the worm’s initial outbreak.
Traffic resulting from the September "Here You Have" email worm was 0.3% of all malware encountered in September 2010.
According to the report, volume of spoofed LinkedIn email delivering the Zeus Trojan reached a peak of 31.26% of all spam during a later stage of its outbreak.
Exploits targeted Sun Java increased from 5% of all Web malware encounters in July 2010 to 7% in September 2010, while exploits targeting Adobe Reader and Acrobat declined over the quarter, from 3% of all Web malware blocks in July 2010 to 1% in September 2010.
Thirty-eight percent of those impacted with Stuxnet were located in the UK, follwoed by 25% in Hong Kong, and 13% each in Brunei, the Netherlands, and Australia.
At 5%, the Windows Print Spooler vulnerability exploited by Stuxnet was the fifth most prevalent event handled by Cisco Remote Operations Services (ROS) in 3Q10, while the Rustock Botnet was the highest occurring ROS event in 3Q10, at 21% of events handled during the report period.
Peak Rustock activity occurred in late August 2010, declining in September 2010, and the malware was the highest occurring ROS event in 3Q10, at 21% of events handled during the report period, according to the report.
Among the top ten spam sending countries, volume of spam sent also dropped in September 2010 for eight of the top ten countries; however, spam sent from Russia and the Ukraine increased in September 2010.
The report further stated that companies in the pharmaceutical and chemical vertical were the most at risk for Web malware encounters in 3Q10, experiencing a heightened risk rating of 372%, while other higher risk verticals in 3Q10 included energy, oil, & Gas (209%); and agriculture and mining at 169%.
Analysis of Cisco IronPort data indicates that spam volumes were highest in August 2010 compared to the remainder of the quarter, with spam volume falling from 326 billion spam per day in August 2010 to 257 billion per day in September 2010.