Web malware attacks against Java on the rise

At the same time, exploits of Adobe Reader and Acrobat declined over the quarter, from 3% of all web malware attacks in July to only 1% in September, according to the Cisco report.

“We hear so much about exploits of Reader and Acrobat and not as much about the exploits targeting Sun Java. When we look at the actual numbers, we find that Sun Java exploits are much higher. That was a shift that started in the first quarter”, said Mary Landesman, market intelligence manager at Cisco.

Landesman told Infosecurity that the increase in Sun Java attacks was the result of public exploit code for Java being made available in the first quarter. Attackers then began to focus on Java, and Java was put at the top of the exploit list.

“If the first [attack] succeeds, there is no need to move onto the second one. This increased the number of exploits of Java and decreased the number for other exploits, such as Adobe Reader and Acrobat”, she said.

Many users are unaware that they have Java on their computers. Also, Sun’s security updates for Java are unpredictable. Both factors contributed to Java’s vulnerability to malware attacks, she observed.

In addition, the report found that the pharmaceutical and chemical sector was most at risk for web malware attacks in the quarter, far outpacing attacks on the energy and oil sector and agriculture and mining sector. At the least risk were the aviation and automotive sectors.

The pharmaceutical and chemical sector has always been in the top three in terms of malware attacks in the Cisco report. Landesman said that this is likely due to the sector’s high level of intellectual property, which tends to attract malware attacks. “We found that sectors [with more intellectual property], like pharmaceutical and chemical and energy and oil, tend to have a higher rate of encounter with password stealing and data theft trojans”, she said.

The report also found that spam volumes were highest in August, primarily as a result of the Rustock botnet, which accounted for 21% of all events handled by Cisco. This botnet is one of the largest purveyors of spam, primarily counterfeit drug and watch spam, Cisco noted.

The report also showed that during the course of the largest LinkedIn spoofing in mid-September, the malicious LinkedIn email comprised a significant 31.26% of all spam for that period.

Landesman noted that those who fall for counterfeit drug spam are victimized twice. First they are victimized because they are paying for something that they do not receive, and what they do receive could be harmful.

The report also found that 10% of web malware was encountered via search engine traffic or service. Around 7% of all web malware encounters resulted from Google referrals, followed by Yahoo at 2%, Bing at 1%, and Sina at 0.1%.
