Features

McAfee Says Security Threats Doubled in Record Time

By Sophia Mayengbam

In spite of the rise in security measures and awareness, malicious threat is multiplying rampantly. Security services provider McAfee in a study has revealed a significant milestone in the growth of malicious threats faced by businesses and individual users.

McAfee Avert Labs, which released protection for the 200,000th threat in its database, said there has been a 60 percent decrease in the amount of time it took to double the number of threats in its database since September 2004, when it added the 100,000th threat.

"It's remarkable to note that it took 18 years for our database to reach 100,000 malicious threats and just under two years to double to 200,000," said Stuart McClure, senior vice president, global research and threats at McAfee.

Figure: Malware Count and Rate of Growth

McClure said that although security awareness continues to improve, hackers and malicious code authors are releasing threats are faster than ever before, with about 2—percent more malicious threats per day than two years ago.

While bots are still the leading cause of this dramatic growth, exploits and downloaders are a close second. Email threats, which made up a large percentage of the number of threats in 2004, saw significantly smaller growth over the last two years when compared to other categories of malware.

There has been a recent shift in the landscape of malware attacks from high-profile to more targeted attacks. Instead of huge virus events causing ire from all segments including law enforcement, the preferred method of malware distribution now involves the creation of many minor variants sent through controlled spam efforts, said Jimmy Kuo, a research fellow with McAfee's Avert Labs, in a blog posting. Malware attacks are now shifting towards targeted Trojan attacks for financial gains. The slower distribution strategy allows new malware to exist for a longer period before diction, thus, enabling hackers to more private informations.

Jimmy Kuo also pointed the growth of malware targeting mobile telephony. At 300 now, the number is expected to grow. He said when the phone becomes the standard means to transfer money, malware targeting telephony will truly explode, much as bots and other means to steal money over the Internet.

In 2004, McAfee added 27,340 new threats to its database. In 2005, it added 56,880 new threats. Since January 1, 2006, McAfee has added about 32,000 new threats to its database and is on track to exceed 60,000 new threats by the end of this year.

Given the current trends, McAfee expects the 400,000th threat to be identified in less than two years. McAfee recommends that to stay protected, both enterprises and consumers constantly stay updated with the latest DATs, install the latest patches, and implement a multi-layered approach to detecting and blocking attacks.