McAfee found the biggest increase in malware samples detected in the last four years. McAfee Labs detected a 1.5 million increase in malware since Q1 2012 and identified new threats such as mobile “drive-by downloads”, the use of Twitter for control of mobile botnets, and the appearance of mobile “ransomware”.


Through proprietary research and investigation, McAfee Labs has been witness to rapid growth in its database or “zoo” of malware samples. With the malware sample discovery rate accelerating to nearly 100,000 per day, McAfee has identified key malware variants affecting a range of users globally.

“Over the last quarter we have seen prime examples of malware that impacted consumers, businesses, and critical infrastructure facilities,” said Vincent Weafer, senior vice president of McAfee Labs. “Attacks that we’ve traditionally seen on PCs are now making their way to other devices. For example, in Q2 we saw Flashback, which targeted Macintosh devices and techniques such as ransomware and drive-by downloads targeting mobile. This report highlights the need for protection on all devices that may be used to access the Internet.”


As PC malware writers master their craft, they continue to transfer their skills to other popular consumer and business platforms, such as Google’s Android OS. After the mobile malware explosion in Q1 2012, Android malware shows no signs of slowing down, putting users on high alert.

Virtually all new mobile malware detected in Q2 2012 was directed at the Android platform, and was comprised of SMS-sending malware, mobile botnets, spyware and destructive Trojans.

Ransomware, steadily increasing quarter over quarter, has become a popular avenue for cybercriminals. Damage can range from loss of photos and personal files for home users to data encryption and demands for money for large enterprises. Ransomware is especially problematic as it can hold computers and data hostage, instantly damaging machines.

Botnets, a network of compromised computers infected with malicious software and used to generate spam, send viruses or cause Web servers to fail, have also taken center stage again this quarter with infections reaching a 12-month high. With the U.S. as the global hub of botnet control servers, new methods for control have also been uncovered, including the use of Twitter for mobile botnet command and control. As such, the attacker can tweet commands with relative anonymity and all infected devices will follow them.

Thumb drive and password-stealing malware showed significant growth in Q2. At nearly 1.2 million new samples, the AutoRun worm spreads from thumb drives by executing code embedded in AutoRun files, repeating the process on any and all drives discovered. Password-stealing malware, at nearly 1.6 million new samples, collects account names and passwords, so an attacker can pose as the victim.

Websites with malicious reputations are influenced by the hosting of malware, potentially unwanted programs, or phishing sites. This quarter McAfee Labs recorded an average of 2.7 million new bad URLs per month. In June, these new URLs were related to about 300,000 bad domains, which is equivalent to 10,000 new malicious domains every day. Of the new bad-reputation URLs, 94.2 percent host malware, exploits or code that have been specifically designed to hijack computers.

The complete report is available here.