
McAfee: New Malware Slowed in Q4 2011, Total Collection Tops 75 Million

Total Malware Samples Surpassed 75 Million in 2011. Malicious Sites Nearly Double, while Mobile Malware Continues to Grow.

McAfee today released its Threat Report for the Fourth Quarter of 2011, which indicated that while malware continues to be created at a wild pace, overall growth of PC-based malware actually declined during the quarter.

McAfee also said that it has reached a new milestone in total malware captured to date, which has now surpassed 75 million samples.

While the creation of new PC-based malware slowed in Q4, McAfee saw that mobile malware continued to increase, marking 2011 as its busiest year to date, with a spike in the second half of the year. These findings echo a recent report from Juniper Networks that showed a whopping 3,325 percent increase in malware specifically targeting the Android platform in the last seven months of 2011 alone.

“Given that more of the world’s users will conduct personal and business transactions through mobile devices, the industry faces a tremendous challenge, requiring more cooperation and coordination to keep them safe,” warned Vincent Weafer, senior vice president of McAfee Labs.

McAfee reported a continued decline in Fake AV malware, which dropped considerably from Q3, while AutoRun and password-stealing Trojan malware showed modest declines.

Other than a spike in malware targeting Mac OS that was witnessed in Q2 2011, Mac OS malware remained at very low levels the last two quarters of the year. “As always, comparing overall malware growth for the Mac with that for PCs makes the Mac threat look rather tame, but it’s always wise to protect your system,” the report notes.

Contributing to the rise in malware were rootkits, or stealth malware, McAfee says. While rootkits are considered the most sophisticated and dangerous form of malware, often capable of going unnoticed on a system for a prolonged period, there appeared to be a slight decline in Q4.

Web Threats

In Q4 2011 McAfee Labs found an average of 9,300 new malicious sites per day, up from 6,500 per day in Q3. McAfee currently counts more than 700,000 active malicious URLs in its database, noting that North America housed the largest number of servers hosting the malicious content, at over 73 percent.


Spam reached its lowest level in years toward the end of 2011, especially in areas such as the United Kingdom, Brazil, Argentina and South Korea. Despite the drop, McAfee noticed a continued trend in highly sophisticated and targeted spearphishing attacks. "As always, social engineering lures and spam subject lines vary greatly depending on the part of the world in which we find them," the report notes. "Messaging subjects still show great global diversity and specificity."


In the world of botnets, McAfee said that overall botnet growth rebounded in November and December after falling since August, with Brazil, Colombia, India, Spain and the United States all seeing significant increases. Germany, Indonesia and Russia declined. Of the botnets, Cutwail continues to reign supreme, while Lethic has been on a steady decline since last quarter. Grum made a significant comeback after a long decline, surpassing Bobax and Lethic by the end of Q4.

Network Threats

McAfee said that the top network threat during the quarter came via vulnerabilities in Microsoft Windows remote procedure calls. This was followed closely by SQL injection and cross-site scripting attacks.

“The threat landscape evolved greatly in 2011, and we saw a significant shift in motivation for cyberattacks,” Weafer concluded. “Security issues made more headlines in 2011 than ever before, and showed that no organization, platform or device is immune to increasingly sophisticated threats.”

The full McAfee Threats Report: Fourth Quarter 2011 is available for download here (PDF, no registration required).

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.