From: Barracuda Labs [PRESS RELEASE]
Barracuda Labs Issues 2010 Annual Security Report; Launches New, Free Profile Protector to Protect Users against Malicious Threats on Facebook and Twitter
Campbell, Calif., March 3, 2011 – Barracuda Networks Inc., a leading provider of content security, data protection and application delivery solutions, today released findings from its 2010 Annual Security Report which indicates attackers are making a shift from using email spam to more aggressively targeting the Internet. Email spam dropped by half during 2010, while search engine malware doubled and the Twitter Crime Rate increased 20 percent, signifying a concentrated focus on the more lucrative social networks and search engines as attack vectors. To help combat this, Barracuda Networks today announced the availability of its new Profile Protector, a free service that protects social networking users against malicious threats on Facebook and Twitter.
“Attackers focus on where they can get the most eyeballs and profit, and today that means social networks and search engines,” said Dr. Paul Judge, chief research officer at Barracuda Networks. “As a community we often point to the need for user education as the missing component; however, the levels of social engineering involved in today's attacks suggest that we must continue to elevate our technological approaches. The research community must continue to build innovative defenses and the industry must make efforts to increase the deployment rates of those defenses.”
Searching for Malware
Barracuda Labs conducts periodic studies across Bing, Google, Twitter and Yahoo!, analyzing trending topics on popular search engines in order to understand the scope of the problem and to identify the types of topics used by malware distributors. The most recent study was conducted over 153 days. The analysis reviews more than 157,000 trending topics and nearly 37 million search results. Overall, the research found that attackers have increased the amount of search engine malware as well as expanded targeted efforts beyond Google.
Key highlights from the search result analysis include:
- In June 2010, Google was crowned as “King” of malware, turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed. As malware spread across the other search engines, the ratios were distributed more evenly by December 2010, with Google producing 38 percent of overall malware; Yahoo! at 30 percent; Bing at 24 percent and Twitter at eight percent.
- The amount of malware found daily across the search engines increased 55 percent from 145.7 in June 2010 to 226.3 in December 2010.
- One in five search topics lead to malware, while one in 1,000 search results lead to malware.
- The top 10 terms used by malware distributors include the name of a Jersey Shore actress, the president, the NFL and credit score.
The Dark Side of Twitter
Barracuda Labs analyzed more than 26 million Twitter accounts in order to measure and analyze account behavior. The analysis enabled researchers to model normal user behavior and identify features that are strong indicators of illegitimate account use. The study reviews several key areas including True Twitter Users1, Twitter Crime Rate2, and Tweet Number3.
Key highlights from the Twitter research include:
- In general, activity continues to increase on Twitter: more users are coming online; True Twitter Users are tweeting more often, and even casual users are becoming more active. As users become more active, the malicious activity also increases.
- The number of True Twitter Users increased to 43 percent, up from only 29 percent in June 2010.
- For every 100 Twitter users, 39 have between one and nine followers, while 50 percent of Twitter users have more than 10 followers.
- Approximately 79 percent of Twitter users tweet less than once per day.
- After decreasing at the end of 2009, the Twitter Crime Rate increased 20 percent from the first half of 2010 to the second half of 2010, going from 1.6 percent to 2 percent.
- Attackers are distributing malware and exploiting vulnerabilities to achieve their malicious goals.
Protecting Profiles on Facebook and Twitter
Barracuda Labs also announced the availability of its new Profile Protector, a free service that protects social networking users against malicious threats on Facebook and Twitter and is available at http://profileprotector.com/. The application analyzes user-generated content posted to profiles and is able to block or remove malicious or suspicious content. This includes malicious URLs, embedded photos and/or videos on Facebook and Twitter pages and news feeds.
About Barracuda Networks Inc.
Barracuda Networks Inc. combines premises-based gateways and software, virtual appliances, cloud services, and sophisticated remote support to deliver comprehensive content security, data protection and application delivery solutions. The company’s expansive product portfolio includes offerings for protection against email, Web and IM threats as well as products that improve application delivery and network access, message archiving, backup and data protection. Coca-Cola, FedEx, Harvard University, IBM, L'Oreal, and Europcar are among the more than 130,000 organizations protecting their IT infrastructures with Barracuda Networks’ range of affordable, easy-to-deploy and manage solutions. Barracuda Networks is privately held with its International headquarters in Campbell, Calif. For more information, please visit www.barracudanetworks.com.
• Download the Barracuda Labs 2010 Annual Security Report at http://www.barracudalabs.com/research_resources.html.
• View the Barracuda Labs security research portal at http://BarracudaLabs.com.
• Follow Barracuda Labs on Twitter at @barracudalabs.
1 – ‘True Twitter User’ is defined as a user that has at least (≥) 10 followers, follows at least (≥) 10 people, and has tweeted at least (≥) 10 times.
2 – ‘Twitter Crime Rate’ is defined as the percentage of accounts created per month that were eventually suspended for malicious or suspicious activity, or otherwise misused.
3 – ‘Tweet Number’ is defined as a user’s average number of tweets per day.
# # #