McAfee Quarterly Threat Report Sees Social Media Worm Resurgence as Spam
Targeted Attacks Continue Rise; “Pump and Dump” Returns with Record Stock
SANTA CLARA, Calif. -- June 3, 2013
McAfee Labs today released the McAfee Threats Report: First Quarter 2013,
which reported a significant spike in instances of the Koobface social
networking worm and a dramatic increase in spam. McAfee Labs also saw
continued increases in the number and complexity of targeted threats,
including information-gathering Trojans and threats targeting systems’ master
boot records (MBRs).
McAfee Labs found almost three times as many samples of Koobface as were seen
in the previous quarter, which is a high point for the social networking worm
that targets Facebook, Twitter and other social networking service users.
After three years of stagnation, spam email volume rose dramatically. One
significant element behind this growth in North America was the return of
“pump and dump” spam campaigns, which targeted would-be investors hoping to
capitalize on all-time equity market highs. The McAfee Labs report showed the
continued increases in Android malware, malicious web URLs and overall malware
But the increase in the number and sophistication of targeted advanced
persistent threats (APTs) represented the most notable evolution in the threat
landscape, as information becomes as valuable as money on the cybercrime
landscape. The report found a 30 percent increase in MBR-related malware and
new instances of password-stealing Trojans being repurposed to capture
information on individuals and organizations beyond the financial services
“Cybercriminals have come to appreciate that sensitive personal and
organizational information are the currency of their ‘hacker economy,’” said
Vincent Weafer, senior vice president, McAfee Labs. “The resurrection of
Koobface reminds us that social networks continue to present a substantial
opportunity for intercepting personal information. Within the enterprise, we
see password-stealing Trojans evolving to become information-gathering tools
for cyber-espionage attacks. Whether they target login credentials or
intellectual property and trade secrets, highly-targeted attacks are achieving
new levels of sophistication.”
Each quarter, the McAfee Labs team of more than 500 multidisciplinary
researchers in 30 countries monitors the global threat landscape, identifying
application vulnerabilities, analyzing and correlating risks, and enabling
instant remediation to protect enterprises and the public. This quarter,
McAfee Labs identified the following developments:
*Koobface Trojan. Koobface, a worm first discovered in 2008, had been
relatively flat for the last year yet it tripled in the first quarter of
2013 to levels never previously seen. The resurgence demonstrates that the
cybercriminal community believes that social network users constitute a
very target-rich environment of potential victims.
*Spam Volume. McAfee Labs found the first increase in global spam volume in
more than three years. In addition to popular “pump and dump” scams, a
surge in growth hormone offers and an escalation of spam campaigns in
emerging markets accounted for category growth.
*Targeted Espionage. McAfee’s latest analysis of the Citadel Trojan found
that criminals have re-purposed the bank account threat to steal personal
information from narrowly targeted victims within organizations beyond
financial services. The industry should expect to see more instances of
banking malware used for cyber-espionage operations within non-financial
and government organizations.
*MBR Attacks. The 30 percent increase in Q1 MBR-related threats included
instances of StealthMBR, TDSS, Cidox, and Shamoon malware. Key to
performing startup operations, MBRs offer an attacker a wide variety of
system control, persistence, and deep penetration capabilities. The
category has set record highs over the last two quarters.
*Malicious URLs. The number of suspicious URLs increased 12 percent as
cybercriminals continued their movement away from botnets as the primary
distribution mechanism for malware. Malicious websites launching “drive-by
downloads” have the notable advantage of being more nimble and less
susceptible to law enforcement takedowns.
*Mobile Malware. While the growth of mobile malware declined slightly
during the quarter, Android malware still managed to increase by 40
*PC Malware. New PC malware samples increased 28 percent, adding 14 million
new samples to McAfee’s malware “zoo” of more than 120 million unique
To read the full McAfee Threats Report: First Quarter 2013, please visit
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers
businesses, the public sector, and home users to safely experience the
benefits of the Internet. The company delivers proactive and proven security
solutions and services for systems, networks, and mobile devices around the
world. With its Security Connected strategy, innovative approach to
hardware-enhanced security, and unique Global Threat Intelligence network,
McAfee is relentlessly focused on keeping its customers safe.
Note: McAfee is a trademark or registered trademark of McAfee, Inc. in the
United States and other countries. Other names and brands may be claimed as
the property of others.
Chris Palm, 408-346-3089
Stephanie Chaney, 312-222-1758
Press spacebar to pause and continue. Press esc to stop.