Malware Hits All-Time High During First Half of 2010

According to a recent report from security giant McAfee, the first six months of this year represented the most active half-year in history in terms of malware production with over ten million new samples discovered.

The antivirus vendor notes in its Q2 2010 Threats Report (PDF) that the daily output of new pieces of malware is around 55,000, but most of them are slight variations of existent threats that were crafted to bypass traditional signature-based detection.

Malicious programs spreading through removable media devices, otherwise known as AutoRun malware, were the most prevalent threats so far this year, which is consistent with the recently published findings of other antivirus companies.

It is highly recommendable to disable the Windows AutoRun feature unless really needed. This can be done automatically with specialized programs like Panda USB Vaccine, which can also immunize any USB devices inserted into the system.

Social networking malware, like Koobface, fake antivirus programs and password stealing trojans also dominate the top ten list. However, some regional difference are obvious.

For example, scareware was more prevalent in the US and Europe, while South America saw a significant rise in infections with the Sality virus.

Malicious websites, either infected legitimate ones or others created by attackers, were also on the rise this year, with a particular spike from May forward.

Mass injection attacks, which add rogue code to vulnerable websites in order to exploit visitors, continue to remain a serious concern and common occurrance. Most such attacks originate in US and China.

The first half of 2010 was also a very busy period for vulnerability patching, with the last quarter being particularly active.

During the second quarter alone Adobe fixed 87 security flaws, while Microsoft 61. What's more worrying is that some of these were disclosed as zero-days and were actively exploited in the wild.

"It’s also obvious that cybercriminals are becoming more in tune with what the general public is passionate about from a technology perspective and using it to lure unsuspecting victims," Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee, said.

"These findings indicate that not only should cybercrime education be more widespread, but that security organizations should move from a reactive to a predictive security strategy," he concluded.

You can follow the editor on Twitter @lconstantin