Symantec Corp. (Nasdaq: SYMC) today announced the publication of its October 2009 MessageLabs Intelligence Report. Analysis reveals an increase in seasonally-themed spam including Halloween, Thanksgiving, Christmas and Valentine’s Day as well as a surge in phishing attacks related to tax deadlines in the UK and Australia. In mid-October MessageLabs Intelligence began seeing Halloween themed spam messages accounting for .5 percent of all spam increasing steadily and peaking at 500 million emails circulating worldwide daily as the holiday draws closer. Also in October, phishing runs purporting to be from the IRS (Internal Revenue Service) in the US and HMRC (Her Majesty’s Revenue and Customs) in the UK experienced a surge.
According to MessageLabs Intelligence, while the topic of the Halloween-themed emails, originating from the Rustock and Donbot botnets, appears to be for pharmaceuticals or software, the Christmas and Thanksgiving spam, sent by the Cutwail botnet, is for replica watches. The replica watch spam messages accounted for approximately 2 percent of spam in October. Two billion of these messages are projected to be in global circulation on a daily basis in the coming months. Interception of IRS phishing emails peaked on October 10accounting for 67 percent of all phishing emails in a 24-hour period while HMRC phishing emails, peaking on October 13, accounted for 81 percent of all phishing interceptions that day, one of the largest ever HMRC phishing runs.
“As is typical with spammers this time of year, we are seeing them try to capitalize on the holiday season,” said MessageLabs Intelligence Senior Analyst, Paul Wood. “Although they may be a bit overzealous, spamming is a numbers game and the spammers have certainly succeeded with volume thus far. Perhaps their early-bird approach is an attempt to compete with the other botnets and get in early to maximize their chances of success.”
Although tax-related phishing runs surged in October, phishing attacks in general have been declining compared to peaks of activity earlier in the year. MessageLabs Intelligence believes this is partly due to the reduction in phishing toolkits available for use. However, phishing runs in languages other than English, such as French and Italian, do appear to be increasing.
“When it comes to phishing runs,” Wood said, “we have seen a significant shift in the bad guys’ approach. Not only are they experimenting with different languages, they are also turning their attention to targeting online services like web-based email in addition to the financial sector. The reason is likely due to the widespread use of email addresses used to authenticate other sites such as social networking, retailing and auction sites.”
Also in October, MessageLabs Intelligence intercepted another batch of event-related advance-fee fraud style spam messages relating to the 2010 Soccer World Cup in South Africa. These require the target to pay a sum of money before receiving their advertised winnings.
Finally, MessageLabs Intelligence reported earlier in the month a rise in the volume of spam relating to the Bredolab Trojans being sent from the Cutwail (Pandex) botnet. Bredolab, a Trojan that arrives in the form of a zip attachment to an email, is designed to give the sender complete control of the target computer. The most recent emails have arrived with postal tracking numbers in the subject. Spam relating to the Bredolab Trojan reached its peak in October accounting for 3.5 percent of spam and 5.6 percent of malware each day of the month. MessageLabs Intelligence estimates 3.6 billion Bredolab malware emails are in circulation each day.
Other report highlights:
Spam: In October2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 88.1 percent (1 in 1.1 emails), reflecting a 1.7 percent increase since September.
Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 230.8 emails (0.43 percent) in October, an increase of 0.18 percent since September. In October, 19.2 percent of email-borne malware contained links to malicious websites, a decrease of 20.6 percent since September.
Phishing: In October, phishing activity was 1 in 293.7 emails (0.35 percent) an increase of 0.11 percent since September. When judged as a proportion of all email-borne threats such as viruses and Trojans, the proportion of phishing emails had decreased by 10.5 percent to 65.3 percent of all email-borne malware threats and phishing threats intercepted in October.
Web security: Analysis of web security activity shows that 37.6 percent of all web-based malware intercepted was new in October, an increase of 4.1 percent since September. MessageLabs Intelligence also identified an average of 3,086 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 32.1 percent since September.
• Spam levels in Denmark rose by 0.6 percent in October, ensuring its position as the most spammed country with levels of 96.2 percent of all email.
• In the US, spam increased to 94.0 percent and 93.0 percent in Canada. Spam levels rose to 93.3 percent in the UK.
• The largest increase in spam was for Mexico where spam levels rose by 4.8 percent to 92.7 percent. In the Netherlands, spam levels reached 93.5 percent, while spam levels in Australia rose to 92.9 percent.
• Spam levels in Hong Kong reached 94.5 percent and spam levels in Japan were at 91.7 percent.
• Virus activity in China rose by 0.77 percent to 1 in 80.7 emails, placing it at the top of the table for October.
• The largest increase for all countries was observed in Luxembourg, where virus activity increased by 97 percent to 1 in 91.9 emails.
• Virus levels for the US were 1 in 291.2 and 1 in 274.0 for Canada. In Germany, virus levels were 1 in 192.1, 1 in 367.8 for the Netherlands, 1 in 277.5 for Australia, 1 in 174.6 for Hong Kong and 1 in 248.7 for Japan.
• Luxembourg was the most active country for phishing attacks with 1 in 110.0 emails, followed by China with 1 in 138.2.
• In October, the most spammed industry sector with a spam rate of 95.4 percent was the Engineering sector.
• Spam levels for the Education sector were 94.6 percent, 93.6 percent for the Chemical & Pharmaceutical sector, 94.4 percent for Retail, 92.5 percent for Public Sector and 92.9 percent for Finance.
• Virus activity in the Education sector rose by 0.38 percent and remained at the top of the table with 1 in 116.5 emails being infected in October.
• Virus levels for the Chemical & Pharmaceutical sector were 1 in 221.8, 1 in 186.9 for the IT Services sector, 1 in 406.9 for Retail, 1 in 172.8 for Public Sector and 1 in 331.2 for Finance.
The October 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx.
Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.
© 2000 - 2019 Al Bawaba (www.albawaba.com)