Report: malware pushed by affiliate networks remains the primary growth factor of the cybercrime ecosystem

Summary: According to FireEye's recently released "FireEye Advanced Threat Report 2H 2011", malware pushed by affiliate networks remains among the key growth factors of the cybercrime ecosystem.

According to FireEye's recently released "FireEye Advanced Threat Report 2H 2011", malware pushed by affiliate networks -- also known as pay-per-install (PPI) networks -- remains among the key growth factors of the cybercrime ecosystem.

Key summary points from the report:

  • The fastest growing malware categories in the second half of 2011 were pay-per-install (PPI) downloaders and information stealers.
  • Of the thousands of malware families, the “Top 50” generated 80% of successful malware infections.
  • Over 95% of enterprise networks have a security gap despite $20B spent annually on IT security.
  • Spear phishing attacks increase when enterprise security operations centers are lightly staffed or understaffed, particularly during holidays.

What's so special about pay-per-install malware? The attacker earns revenue every time a successful infection takes place, because he participates in an affiliate program that pays high rates for each infected PC.

More details:

In the second half of 2011, pay-per-install (PPI) downloaders, worms, backdoors, and information stealers represented the four most prevalent categories of malware. PPIs are malware programs that charge a fee to download or distribute other malware programs. These programs differ from normal downloaders/droppers in that a PPI malware author gets paid for every successful install of another malware program. Of the top four malware categories, information stealers and backdoors present the greatest threat to enterprises.

Next to the growth of pay-per-install malware, FireEye observed an increase in the Zbot and Sality information stealers. The company attributed the growth of Zbot, also known as the ZeuS crimeware, to its leaked source code, which lets would-be cybercriminals easily modify and tailor the code to their needs.

The company is also seeing increased use of the BlackHole web malware exploitation kit, thanks to the constant updates issued by its authors; the kit currently targets a diverse mix of client-side vulnerabilities.

Consider going through FireEye's report here.

Topics: Security, Malware, Networking

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
