As malware hits new records, more than 95 billion phishing emails will be sent this year

It looks like 2010 is going to be a record year for malware. More than 95 billion phishing emails — which try to scam users out of their passwords — will be sent in 2010, according to security firm Symantec‘s MessageLabs Intelligence Report being released today.

For the year, the report says spam messages are projected to account for 89.1 percent of all emails sent, up 1.4 percent from 2009. The global spam rate peaked in August at 92.2 percent, when the portion of spam sent from botnets — herds of zombie computers that have been hijacked by hackers — reached 95 percent. The number of botnets in the world is estimated to be 3.5 million to 5.4 million. One of the big problems is drive-by attacks, which infect legitimate web sites with malware. Of 42,926 domains identified as malicious in 2010, the majority were compromised legit domains. Clearly, there’s still a big opportunity for security entrepreneurs, as malware problems are nowhere near being eliminated.

The report from Mountain View, Calif.-based Symantec also says that this year the average number of new malicious web sites blocked each day rose to 3,066, compared to 2,465 for 2009, up 24.3 percent. Symantec said it identified 339,673 different strains of malware among the 115.6 million emails that it block during the year. About 95.1 billion phishing emails are projected to be in circulation in 2010. The amount of spam was measurably reduced in October when the spam affiliate Spamit was shut down.

Botnet bosses are expected to continue to use steganography, a technique for hiding commands in plain view by embedding them in images or music files, to control their herds of computers. The steganography allows botnets to operate without oversight by an internet service provider. Rustock, the largest botnet with more than 1 million bots under its control, is expected to produce more than 44 billion spam emails per day, double the number it did last year.

Overall, cyber criminals experimented with many tactics in 2010 to keep spam and other malware at all-time highs, said Paul Wood, senior analyst at MessageLabs Intelligence. The scammers took advantage of events like the soccer World Cup to spread malware. they also disguised malware in short links and social networks to lure unsuspecting victims.

Roughly 200 to 300 corporations are targeted each month with specific malware meant for that organization. [illustration credit: itp.net]