Socially engineered malware (SEM) remains the most common security threat facing Internet users today, claiming one third of internet users as victims. These attacks pose a significant risk to individuals and organizations by threatening to compromise, damage, or acquire sensitive personal and corporate information. European and American users have found themselves particular targets of malware authors over the last 12 months. North America has consistently been the primary host of malicious URLs, while users in Asia have been victims of the greatest number of malicious URLs.
Cybercriminals are taking advantage of the implied trust relationships inherent in social networking sites (Facebook®, MySpace™, Badoo, StudiVZ, Skyrock, LinkedIn®, renren, Kaixin001 (a.k.a. Happy Net), 51, Multiply, Cyworld, Orkut, Mixi, etc.) and user-contributed content (blogs, Twitter™, etc.) which allow for rapid publishing and anonymity. Furthermore, the speed at which these threats are “rotated” to new locations poses a significant challenge to security vendors.
Browsers tested in the report include:
• Google Chrome™ 12
Key findings from the reports show:
• Browsers can offer an additional layer of protection beyond antivirus.
• Results varied from Q3 2010 test, with IE9, Chrome, and Opera showing improvement, while Firefox and Safari decreased in protection.
The use of free browser-based reputation systems to assist in the fight against socially-engineered malware is a strong use of cloud technologies. However, in these tests of socially-engineered malware, we found that not all vendor implementations and daily operations yield the same results. It became obvious from these recent tests, in comparison to NSS Labs’ earlier global tests, that Microsoft continues to improve their IE malware protection in IE9 through its SmartScreen®
About NSS Labs, Inc.
NSS Labs, Inc. is the leading independent, information security research and testing organization. Its expert analyses provide information technology professionals with the unbiased data they need to select and maintain complex security products for their organizations. Pioneering intrusion detection and prevention system testing with the publication of the first such test criteria in 1999, NSS Labs evaluates firewall, unified threat management, anti-malware, encryption, web application firewall, and other technologies on a regular basis. The firm’s real-world test methodology is the only one to assess security products against live Internet threats. NSS Labs tests are considered the most aggressive in the industry. Founded in 1991, the company has offices in Carlsbad, California and Austin, Texas. For more information, visit http://www.nsslabs.com.