How Firesheep Can Hijack Web Sessions

Watch out for "malware encounters." On average, enterprise users come face-to-face with 133 web-based pieces of malware per month, although in August, such encounters spiked to an average of 140 per month. About 10% of malware was encountered via search engines or related services; 7% could be traced to Google, followed by Yahoo at 2%.

Those findings come from a new Cisco Global Threat Report investigating security trends in the third quarter of 2010.

Interestingly, in that timeframe, exploits against Java rose, while attacks against Adobe Acrobat and Reader declined. "Exploits targeting Sun Java increased from 5% of all malware encounters in July 2010 to 7% in September 2010," said Mary Landesman, market intelligence manager at Cisco. "However, PDF exploits targeting Adobe Reader and Acrobat actually declined over the quarter, from 3% of all web malware blocks in July 2010 to 1% in September 2010."

When it comes to malware, some industries also see more attention from attackers. The businesses most at risk are pharmaceutical and chemical companies, which saw the number of attacks aimed at them increase in recent months by 372%. Other industries that saw substantial increases in malware that targeted them included the energy and oil sector (a 209% increase in malware), and agriculture and mining (169%).

In terms of botnets, at least judging by traffic volumes, Rustock appears to be king. Cisco said that between July and September 2010, one out of every five security events handled by its security monitoring service involved Rustock.

"The Rustock botnet was the most frequently encountered event handled by Cisco Remote Operations Services (ROS), peaking in late August," said Landesman. "This botnet is believed to be one of the largest purveyors of spam and has been most predominantly affiliated with sending pharmaceutical and counterfeit watch spam, often in the form of a breaking news alert, a tactic first popularized by the Storm botnet."

Thankfully, 65% of malware attacks get blocked before ever reaching a PC, said Cisco. Of the attacks that make it through, Cisco said that exploits targeting Sun Java, Adobe Reader and Acrobat, and Adobe Flash are the three most commonly seen.