Today Barracuda Labs released our 2010 Midyear Security Report, revealing data from two key areas: search engine malware and Twitter use and crime rate.
Our study shows that attackers are devoting serious effort to getting in front of the billions of eyeballs that use search engines every day and the millions of users who connect on social networks like Twitter. These research efforts allow us to continue to analyze their approaches and build new techniques to find them and protect users. Highlights of the study are below, and you can download the full report from the BarracudaLabs.com homepage.
Searching for Malware
We conducted a study across Bing, Google, Twitter and Yahoo! over a roughly two-month period. The analysis reviews more than 25,000 trending topics and nearly 5.5 million search results. The purpose of the study was to analyze trending topics on popular search engines to understand the scope of the problem and to identify the types of topics used by malware distributors. Key highlights:
- Overall, Google takes the crown for malware distribution – turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed. Google presents at 69 percent; Yahoo! at 18 percent; Bing at 12 percent; and Twitter at one percent.
- The average amount of time for a trending topic to appear on one of the major search engines after appearing on Twitter varies tremendously: 1.2 days for Google, 4.3 days for Bing, and 4.8 days for Yahoo!
- Over half of the discovered malware had originated between the hours of 4:00 a.m. and 10:00 a.m. GMT.
- The top 10 terms used by malware distributors include the name of an NFL player, three actresses, a Playboy Playmate and a college student who faked his way into Harvard.
The Dark Side of Twitter
As part of an ongoing study that builds on data we released in June 2009 and subsequently in March 2010, we analyzed more than 25 million Twitter accounts, both legitimate and malicious. The purpose of this part of the study was to measure and analyze account behavior on Twitter in order to model normal user behavior and identify features that are strong indicators of illegitimate account use. The study reviews several key areas including True Twitter Users [1], Twitter Crime Rate [2], and Tweet Number [3]. Key highlights:
- In general, activity is increasing on Twitter: more users are coming online; True Twitter Users are tweeting more often, and even casual users are becoming more active. As users become more active, the malicious activity also increases.
- Only 28.87 percent of Twitter users are actual True Twitter Users.
- Half of Twitter users tweet less than once a day, yet one in 10 users tweet five or more times a day and 30 percent of Twitter accounts have never tweeted.
- One in every eight Twitter users has at least 10 times more followers than they are following.
- Only one in 10 users is following more than 100 users, and almost half are following fewer than five.
- The Twitter Crime Rate for the first half of 2010 was 1.67 percent.
We are presenting the findings of both studies, as well as other Barracuda Labs work, at Security BSides Las Vegas and DEF CON 18 this week in Las Vegas. Come see us!
Security BSides Las Vegas:
Wednesday July 28 at 3pm PT – The Darkside of Twitter (Dr. Paul Judge, Dave Maynor)
Thursday July 29 at 3pm PT – A Mechanic's View of SQL Injection (Ray Kelly)
DEF CON 18:
Saturday July 31 at 11am PT – Searching for Malware (Dr. Paul Judge, Dave Maynor)
Resources:
- Download the Barracuda Labs 2010 Midyear Security Report at http://www.barracudalabs.com/research_resources.html.
- View the Barracuda Labs security research portal at http://barracudalabs.com.
- Follow Barracuda Labs on Twitter at @barracudalabs.
Footnotes:
1 – ‘True Twitter User’ is defined as a user that has at least (≥) 10 followers, follows at least (≥) 10 people, and has tweeted at least (≥) 10 times.
2 – ‘Twitter Crime Rate’ is defined as the percentage of accounts created per month that were eventually suspended for malicious or suspicious activity, or otherwise misused.
3 – ‘Tweet Number’ is defined as a user’s average number of tweets per day.