
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Is Thanksgiving Week Really the Peak for System Infection?

Why would a security tools firm make the claim that three days before Thanksgiving is the busiest day of the year for malware attacks?

According to the Guardian, PC Tools are claiming just that: this coming Monday, 24 November, will be the busiest day this year for computer-based attacks.

This assumes that the pattern of attacks follows the trends of last year, on which the prediction is based. The big question is why this would be the case. There may be a very logical reason why PC Tools have chosen to link the peak in attacks to the US Thanksgiving holiday. The day after Thanksgiving, known colloquially as Black Friday, traditionally marks the start of the Christmas shopping season in the United States and is one of the biggest days for retail sales in any given year, though the actual busiest day for both online and brick-and-mortar sales is usually later in the shopping season.

Malware and virus infections tend to peak at the start of the week, as employees return to work and read emails, open attachments, and look at sites that may not have been blocked or identified as malicious over the weekend.

Since the Thanksgiving holiday marks an unofficial four-day weekend for many Americans, it could represent a better than normal opportunity to infect systems, but this discounts the rest of the world, which doesn't mark Thanksgiving. If the peak in infections is actually a result of targeting US systems, surely Thanksgiving eve would be a better time to launch an automated attack, given that long weekend. Since PC Tools have not identified this as the date, it suggests that the infections rely upon actual user interaction for success. To achieve this, many malware types try to capitalise on current events, promising some exclusive on an event that is taking place. Many significant events took place in November 2007, and there are several potential candidates leading up to November 19 (three days before Thanksgiving, 2007) that could have served as the hook for a malware flood.

Other analysis, this time from Kaspersky, suggests that the claim that late November is the peak date for infection doesn't carry much weight. Kaspersky's published analysis for 2007 shows that across malware, spam, and malware via email there wasn't a significant spike in November to support PC Tools' claims. There were one or two minor spikes for specific malware and spam types, but nothing which would significantly back the claims from PC Tools. Even the data from Microsoft's Security Report suggests that growth in infection and malware is ongoing. If any segment of analysis has demonstrated a decrease following a November peak, it looks to be a loose correlation at best.

If PC Tools have the figures to back up their claims, then they really need to release them, since the available figures from other industry participants do not readily back up PC Tools' claim. Indeed, the claim seems to be so important that PC Tools have not mentioned it at all on their own site (at least at the time of publishing this article).

Given that the link from the Guardian goes directly to a PC Tools product site, the claims look more and more like marketing puffery than actual analysis and research findings.

19 November 2008
