Connect with us

Hi, what are you looking for?


Malware & Threats

Top Five Malware and Spam Trends Worldwide from McAfee Q1 2010 Threats Report

USB Malware, Diploma Spam from China and Earthquake Web Searches Top Threat Lists. United States hosts 98 percent of new malicious URLs

USB Malware, Diploma Spam from China and Earthquake Web Searches Top Threat Lists. United States hosts 98 percent of new malicious URLs

McAfee Inc. (NYSE:MFE) has unveiled its McAfee Threats Report: First Quarter 2010, which uncovered that a USB worm has taken the No. 1 spot for top malware worldwide. Spam trends show that email subjects vary greatly from country to country with diploma spam out of China and other Asian countries on the rise. Earthquake news and other major 2010 events drive poisoned Web searches, and U.S.-based servers host the majority of new malicious URLs.

Threats on portable storage devices took the lead for the most popular malware. AutoRun related infections held the No. 1 and No. 3 spots due to the widespread adoption of removable devices, mainly USB drives. A variety of password-stealing Trojans rounded out the top five. Those include generic downloaders, unwanted programs and gaming software that collects statistics anonymously. Unlike past studies, the popularity of these threats ranked consistently worldwide.

While spam rates remain steady, their subjects vary considerably from country to country. One of this quarter’s biggest discoveries was that China, South Korea and Vietnam have the most significant diploma spam, which promotes the purchase of forged documents to establish qualifications for items such as jobs. Singapore, Hong Kong and Japan have exceptional rates for Delivery Status Notification spam indicating a possible issue with preventative mail-filtering capabilities.


Volume of Spam

“Our latest threat report verifies that trends in malware and spam continue to grow at our predicted rates,” said Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee. “Previously emerging trends, such as AutoRun malware, are now at the forefront. We were also surprised to find some of geographic difference in spam related topics, such as the volume of diploma spam coming out of China.”

McAfee also found that Thailand, Romania, the Philippines, India, Indonesia, Colombia, Chile and Brazil have a higher portion of malware infections and spam. These countries have experienced significant Internet growth over the past five years and are lagging in security awareness.

Advertisement. Scroll to continue reading.

Attackers are leveraging major news events to poison Internet searches. Haiti and Chile earthquake disasters led the list (No. 1 and No. 2, respectively). The Toyota recall, Apple iPad and NCAA March Madness followed. Referred to as search engine manipulation, cybercriminals continue to use analytics and page-ranking logic to exploit hottest search terms and drive traffic to malicious websites.

Key Findings In The Report Include:

• The proliferation of remote devices makes it harder to defend corporate networks. But the gadgets are not going away. IT staffers need to expand security wherever their users go.

• Recent tragedies continue to attract scammers. Earthquakes and other disasters are money-making opportunities for cybercriminals.

• After a decline and spike in 2009, spam volume has returned to mid-2008 levels. Drawing data from our worldwide spam collectors, we illustrate which spam topics are most popular in 34 countries.

• Malware growth seems to be leveling off or declining in some areas, but the cumulative numbers are still immense. We anticipate cataloging at least as much malware this year as in 2009.

• Operation Aurora is one of the most important targeted attacks in Internet history. Aurora may have a significant impact for years to come on the perception of corporate-focused cybercrime.

• Spring means tax time, and tax-services scams play along. Some look convincingly like legitimate banks and national tax agencies.

• Manipulating search results can bring cybercriminals revenues from fake security software, as well as advertising income from click fraud.

• The Zeus Trojan is just one of the key tools of cybercriminals, who often tie password stealers with other types of illegal online material such as pornography and fake security software. The prime target for these attacks? Facebook users.

• Almost all URLs rated as malicious by McAfee’s TrustedSource Technology are located in the United States. Malware distributors love to use Web 2.0 features, which abound in this country.

• The most popular attacks on clients—including Operation Aurora—targeted Microsoft Internet Explorer and Adobe Reader and Acrobat.

• The justice system caught up with several cybercriminals, in cases ranging from the theft of credit card numbers to the illegal purchase and sale of concert and sports tickets.

• One of the most popular types of cybercrime is scareware, or fake security software. Installed invisibly, these scams convince users that their systems are infected and they must immediately purchase a tool to remove it. Scareware developers earn a phenomenal amount of money from their victims.

• Political hactivism continues: Hackers interrupted service or defaced websites at a Russian magazine, the Latvian tax agency, and the Australian government.

According to the report, The United States hosted 98 percent of new malicious URLs in Q1 2010, likely due to the of many Web 2.0 Services being hosted in U.S. locations. Within the remaining 2 percent, China hosted 61 percent and Canada hosted 34 percent.

A full copy of the Q1 2010 Threats Report is available at:

Related Reading: 2010, A Great Year to be a Scammer

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...