Malware remains a lucrative business; and because of this, cybercriminals put serious resources behind it. One key profit-driven malware trend of 2009 was the boom in "scareware," or fake AV scams. These attacks prey on IT security fears and fool users into believing their computer has a problem when it does not.
Typically, scareware is planted on websites in the form of pop-up advertisements or disguised downloads. There have also been occasions when hackers have spammed out scareware, or links to it, using traditional social engineering tricks to fool users into clicking on the attachment or link.
These fake product scams continued to be a major threat, with detections featuring heavily in records of both web-based and email-borne spam.
SophosLabs received around 60,000 new malware samples every day in the first half of 2010; every 1.4 seconds of every day, a new malware sample arrives.
These and other scams have taken advantage of the full gamut of vectors to reach new audiences: links sent out via email promising lottery winnings, malvertising surreptitiously planted on legitimate sites, or even paid messages spread via social networking sites such as Twitter or Facebook, and—most deviously—the use of search engine optimization.
SEO attacks draw users searching for trending news stories and events, such as the deaths of pop stars or actors, whether real or only rumored, and even genuine security scares. These malware threats are generally web borne, reached via email links or subverted search engine results, and this vector is now by far the dominant method of spreading malware.