Spam is starting to level out, but malware is at an all-time high according to McAfee's second quarter threat report released today. Fake alerts have dropped off slightly while highly targeted malware using trending keywords on social media and search engines has increased. McAfee also warned of an inventive e-mail scam targeting IT managers with fake invoices for computer purchases.

Predictably, there was flurry of malware targeting World Cup fans, but each new event or trend brings its own threats. McAfee's social media and search engine findings are consistent with reports from Baraccuda and Symantec released at BlackHat late last month.

The report warns that domain-level URL blocking is no longer adequate. Much malware is now embedded in legitimate web sites, such as images on Wikipedia entries and Facebook profiles. According to the report, only 6% of the malicious URLs discovered by McAfee were a the path level - that number has increased to 16% this quarter.

McAfee notes that while signature based virus protection still protects against many threats, malware creators are releasing new versions every day to avoid detection. McAfee recommends real-time protection such as its Artemis product. Trend Micro and Kaspersky also offer real-time protection products.

McAfee notes that AutoRun is still the most commonly exploited vulnerability on Windows machines and recommends disabling AutoRun if it's not necessary.