Malware Peaks, McAfee Calls For Security Industry To Go On The Offense

Malware hit an all-time high in the first half of this year, at 10 million new samples, according to a new McAfee report, with the top two being AutoRun malware and password-stealing Trojans.

Meanwhile, McAfee also issued a call to arms for the security industry to play more offense than defense against today's attacks to get to the actual criminals behind the malware. Rather than continuing with today's approach of adding layers of security to defend against expected attacks, the industry needs to avoid attacks altogether by going aggressive, with the security community aligning forces and law enforcement operating proactively, according to McAfee executives.

"The tools and techniques of cybercrime continue to grow in number and sophistication at alarming rates. The cybercriminals prosper as they never have before because they have very little reason to fear the consequences. Maybe this is because we have really never given them a reason to fear," wrote Jeff Green, senior vice president of McAfee Labs and product development, in McAfee's new issue new issue of the McAfee Security Journal, published today. "This must change. We must adapt our industry at its core and at all levels. It is time to send the security industry on the offensive."

An offensive security strategy would mean using hackers' own tools, such as fuzzing and penetration testing; sharing intelligence among vendors and users; making the Internet Corporation for Assigned Names and Numbers (ICANN) take a harder line when accrediting domain registrars; ostracizing and decapitating botnets and their infrastructure; publicly disclosing names of cybercriminals and making this type of crime more risky for perpetrators; and educating the masses, according to McAfee.

McAfee says that while malware production was on a roll, spam, meanwhile, grew at only 2.5 percent in the second quarter from the first quarter of this year. Around 55,000 new pieces of malware appear each day, according to McAfee's new data (PDF). Fake antivirus and social media-borne malware, such as Koobface, round out the top four types of malware.

India had the most bot infections, close to 1.5 million, followed by Brazil, Russia, and Germany, each with more than 1 million infected machines. And McAfee says two throwback botnets are making a comeback this year, Storm and Kraken, both of which had practically disappeared some time ago. McAfee says a new version of Kraken is on the rise.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.