McAfee sees surge in spam, Koobface samples, MBR attacks

The first three months of 2013 have seen a surge in spam volume, as well as large numbers of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.

After remaining relatively stable throughout 2012, spam levels rose during the first quarter of 2013, reaching the highest volume seen in the past two years, McAfee said in a report released Monday.

The amount of spam originating from some countries rose dramatically, McAfee said. Spam from Belarus increased by 540 percent while spam originating in Kazakhstan grew 150 percent.

Cutwail, also known as Pushdo, was the most prevalent spam-sending botnet during the first quarter, McAfee said.

The increased Pushdo activity has recently been observed by other security companies as well. Last month, researchers from security firm Damballa found a new variant of the Pushdo malware that’s more resilient to coordinated takedown efforts.

Not just spam

On the malware front, McAfee has also seen a surge in the number of Koobface samples, which reached previously unseen levels during the first quarter of 2013. First discovered in 2008, Koobface is a worm that spreads via social networking sites, especially through Facebook, by hijacking user accounts.

The number of malware samples designed to infect a computer’s master boot record (MBR) also reached a record high during the first three months of 2013, after increasing during the last quarter of 2012 as well, McAfee said.

The MBR is a special section on a hard disk drive that contains information about its partitions and is used during the system startup operation. “Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration,” the McAfee researchers said in the report.

The MBR attacks seen during the first quarter involved malware like StealthMBR, also known as Mebroot; Tidserv, also known as Alureon, TDSS and TDL; Cidox; and Shamoon, they said.

The number of ransomware threats, like those that attempt to extort money from users by displaying fake messages from law enforcement agencies, continued its steady quarter-over-quarter increase, according to McAfee’s report.

“One reason for ransomware’s growth is that it is a very efficient means for criminals to earn money because they use various anonymous payment services,” the McAfee researchers said. “This method of cash collection is superior to that used by fake AV products, for example, which must process credit card orders for the fake software.”

The overall number of PC malware samples increased by 28 percent during the first quarter, reaching 120 million unique threats, McAfee said. On the mobile side, malware growth declined compared to the last quarter of 2012 but remained significant, with the threats discovered in 2013 representing 28 percent of all mobile malware recorded to date.
