According to FireEye's recently released "FireEye Advanced Threat Report 2H 2011", malware pushed by affiliate networks -- also known as pay-per-install networks -- remains among the key growth factors of the cybercrime ecosystem.
Key summary points from the report:
- The fastest growing malware categories in the second half of 2011 were PPI (pay-per-install) downloaders and information stealers.
- Of the thousands of malware families, the “Top 50” generated 80% of successful malware infections.
- Over 95% of enterprise networks have a security gap despite $20B spent annually on IT security.
- Spear phishing attacks increase when enterprise security operations centers are lightly staffed or understaffed, particularly during holidays.
What's so special about pay-per-install malware? It's the fact that the attacker earns revenue every time a successful infection takes place, thanks to participation in an affiliate program that offers high payout rates for each infected PC.
In the second half of 2011, pay-per-install (PPI) downloaders, worms, backdoors, and information stealers represented the four most prevalent categories of malware. PPIs are malware programs that charge a fee to download or distribute other malware programs. These programs differ from normal downloaders/droppers in that a PPI malware author gets paid for every successful install of another malware program. Of the top four malware categories, information stealers and backdoors present the greatest threat to enterprises.
Alongside the growth of pay-per-install malware, FireEye observed an increase in Zbot and Sality information stealers. The company attributed the growth of Zbot, also known as the ZeuS crimeware, to the leaked source code, which allows would-be cybercriminals to easily modify and tailor the code to their needs.
The company is also seeing an increase in the use of the BlackHole web malware exploitation kit, thanks to the constant updates issued by its authors; the kit currently targets a diverse mix of client-side vulnerabilities.
Consider going through FireEye's report here.