Search engine most popular malware vector

Some 40 percent of malware incidents in first six months of 2011 introduced by search engines, reveals new security report, which also identifies "Shnakule" as top malware network.
Written by Tyler Thia, Contributor

"Shnakule" has been identified as the top malware delivery network for the first half of this year, which also saw 40 percent of malware incidents being introduced by search engines, according to a new report released Wednesday by Blue Coat.

Leading by size and effectiveness, the Shnakule network had between 2,000 and 4,300 unique host names per day, and was able to trigger requests which ranged from 21,000 to 51,000 a day. It lured users with drive-by downloads, fake antivirus and codecs, and fake Flash and Firefox updates, among others, indicated Blue Coat's mid-year 2011 Web security report.

The security vendor further revealed that Shnakule hosted interrelated activities such as pornography, gambling, pharmaceuticals, link farming, and work-at-home scams. It also carried several large component malware delivery networks, such as Ishabor, Kulerib, Rabricote and Albircpach, which also made the top 10 list of largest malware delivery networks and were associated with gambling-themed and suspicious link-farming malicious activities.

Search engines most "malwared"
According to the Blue Coat report, search engine poisoning was the most popular malware vector as nearly 40 percent of all incidents were introduced by search sites. Social networking ranked as the fifth most popular entry point into malware delivery networks and the third most requested content.

"Traditional" delivery methods such as e-mail and pornography were still employed to spread malware, as the two categories ranked third and fourth among Web content used to drive users to a malware network.

Blue Coat warned that malware hosting commonly found in online storage and software downloads is still frequently allowed in companies, and having just a single defense layer such as a firewall or antivirus software is no longer enough to protect against dynamic threats and malware networks.

"Web-based malware has become so dynamic that it is nearly impossible to protect every user from every new attack with traditional defenses," Steve Daheb, the security vendor's chief marketing officer and senior vice president, said in the report.
