According to Intel's security subsidiary McAfee, more six million unique malware samples were detected during 1Q11, a new record for the first calendar quarter.

Company officials said fake antivirus "had a very strong quarter" and predicted continuing activity in this area as it provides an immediate source of revenue (victims actually pay for the malware).

Password-stealing Trojans remain prevalent, with 'banker' Trojans (password stealers aimed specifically at online banking credentials) using bogus emails purporting to come from organisations including UPS, FedEx, and the US Postal Service and Internal Revenue Service.

Adobe products are "the favourite targets of client-side exploitation", according to McAfee.

Perhaps linked to the growth in malware, prices for some black market services have continued to fall. DDoS services can be had for $US10 per hour (between a half and one quarter of the going rate a year ago). Malware installation rates vary widely according geography: McAfee reports $US8 per 1000 installs of a single application in Asia, rising to $US160 in the US.

What about spam? See page 2.

---

Spam levels, already at the lowest point since 2007, dropped further during 1Q11 to approximately 1.5 trillion messages per day, or roughly three times the number of genuine messages. Part of the decrease is attributed to a concerted effort to shut down the Rustock botnet, but McAfee also reports that the price for sending spam has risen to $US1500 for 32 million, compared with $US1000 in 2007. Generally speaking, higher prices serve to reduce demand.

Common spam subjects varied significantly between countries. In Australia, delivery status notifications (DSN; typically used as bait for attached malware) were the most common, followed by 419 scams. In the US, product spam was way out in front with DSN in second place.

The full McAfee Threats Report for 1Q11 is available here [PDF, 6.9MB].