The Blue Coat Web Security Report 2009 said that malware is becoming more volatile on two fronts. First, multiple variations of the same malware threat are developed to circumvent antivirus scanners. Second, malware tends to move around quickly, so the URL filtering tools cannot block it indefinitely.
"In many instances, malware moves in as little as two hours because once a Web filtering solution identifies a URL as a malware host location, it doesn't matter if the code is updated," the report said.
That said, Blue Coat also reported a significant role for older malware. Although new malware made the headlines in 2009, such as Conficker and Gumblar, several existing threats including Netsky and MyDoom were far more prevalent, the company said.
Other discoveries included the fact that online storage and software download sites were the most frequent hiding places for web-based malware last year. The number of online storage sites grew over 200% in 2009 compared to 2008, the company said, making them a perfect deployment vector for malicious software.
The number of data collection sites and drop zones designed to harvest information from malware increased fivefold in 2009, which was largely down to redundancy in the drop zone infrastructure, according to the report. "This increases the likelihood that one or more of the URLs will remain undiscovered long enough for cyber criminals to retrieve stolen information," Blue Coat said.