Malware ecosystems becoming more complex

Blue Coat says firewalls, anti-virus software no longer enough to stop malware attacks

Blue Coat has warned that firewalls and anti-virus software are no longer sufficient to protect businesses and users against malware.
By Georgina Enzer. Published July 11, 2011

Web security and WAN optimisation solutions provider, Blue Coat Systems, has released its 2011 Mid-Year Web Security Report, which says that firewalls and anti-virus software are no longer sufficient to protect businesses and users from malware and the extensive infrastructure of malware delivery networks.

The report looks at web-based malware ecosystems, including the ten largest malware delivery networks, user behaviour, hosting sites and delivery networks.

"Web-based malware has become so dynamic that it is nearly impossible to protect every user from every new attack with traditional defences," said Nigel Hawthorn, VP EMEA Marketing at Blue Coat Systems. "With a unique comprehensive view of the web ecosystem, Blue Coat Web security solutions can identify and track malware networks to proactively protect customers from new attacks that these networks attempt to launch."

Blue Coat says that businesses need real-time protection and intelligence, such as that found in a cloud-based web defence.

Shnakule was the leading malware delivery network in size and effectiveness for the first half of 2011; on average this network had 2,000 unique host names per day with a peak of more than 4,300 per day. 

Shnakule was adept at luring users in, with as many as 51,000 requests in a single day. 

Shnakule's malicious activities include drive-by downloads, fake anti-virus and codecs, fake Flash and Firefox updates, fake warez, and botnet command and control.

Related activities include adult content, gambling, pharmaceuticals, link farming, and work-at-home scams.

Shnakule also contains many large component malware delivery networks. Ishabor, Kulerib, Rabricote and Albircpana, which all appear on the top ten list of largest malware delivery networks, are components of Shnakule and extend its malicious activities to gambling-themed malware and suspicious link farming.

In the first half of 2011, search engine poisoning was the most popular malware vector used to bring internet users into malware delivery networks, with nearly 40% of all malware incidents coming from search engines/portals. 

Social networking was the fifth most popular entry point into malware delivery networks and the third most requested content.

For the first half of 2011, malware delivery networks also used traditional malware delivery methods such as email and adult content.

Email was the third most popular category of web content used to drive users to a malware network, although the category ranked only as the seventeenth most requested category. Adult content was virtually tied with email and was the fourth most popular way to lure users to malware.

After analysing the report, Blue Coat revealed that malware hosting is often found within categories, such as online storage and software downloads, that companies usually allow in acceptable use policies, and suggested that businesses should completely block adult content, placeholders, online games and illegal/questionable categories to follow best practices for web security.

Blue Coat said that searching for images and pirated media ranks at the top of the list for possible malware delivery, and users engaging in these activities are especially vulnerable.
