MessageLabs Intelligence: Botnets On The Rise – Pushing Out 11% More Spam

I wrote an article, in June of this year, on FIFA World Cup spammers that turned out to be a popular article (over 4,000 reads) – so, I’ve decided Spam isn’t all bad after all.  🙂

I’m being more than a little facetious, of course. Spam, without a doubt, is one the worst things about the Internet.

MessageLabs Intelligence August 2010, report indicates (surprise, surprise), that there’s been a recent minor reduction in the total amount of spam in circulation. Offsetting this slightly good news though; the same report makes the point that spam, generated by botnets, has increased to 95 percent of all spam – up 11% in just five months.

The Rustock botnet continues to be the main culprit, pumping out 41 percent of all spam in August. This, despite the fact that the Rustock botnet has been reduced in size by roughly half.

Before you think that’s because we’re better at catching botneted machines – it’s not. The fact is, the Rustock botnet is now faster, and more efficient, because it no longer uses TLS encryption.

Selected stats from the report:

This month, there were a significant number of yet-to-be classified botnets responsible for spending 17.6 percent of all spam.

The UK was responsible for 4.5 percent of the world’s spam, more than double the percentage in April, and the UK is now the fourth most frequent source of spam behind the US, India and Brazil.

The US is home to the greatest number of bots, most notably Rustock, Storm and Asprox.

A PDF version of the full report including additional findings on spam and security threats is available here.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

FIFA World Cup Scammers Using Double Attack Mode Says Symantec Hosted Services

If one is good, then two must be better, right? FIFA World Cup  scammers apparently believe this double whammy approach will be more successful in helping them overcoming security safeguards, and perhaps even a targeted victim’s reluctance to engage with malicious email.

According to Symantec Hosted Services’ MessageLabs Intelligence unit, they have intercepted “a run of 45 targeted malware emails in route to a number of Brazilian companies across industries”.

The MessageLabs Intelligence unit discovered the attack had been crafted using both an infected  PDF attachment, and a malicious web link. The outcome of this double barreled approach could mean, “even if the malicious PDF attachment is removed by an anti-virus gateway, the malicious link remains in the body of the email and may still be delivered to the recipient” stated Symantec.

As the tournament continues, don’t be surprised to see more World Cup-related spam and malware threats emerge.

You can learn more about World Cup-related spam here.

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Cyber Criminals are Kicking Internet Users, and the World Cup

I’m a huge fan of the World Cup, but I have to admit, I’m totally annoyed that France eliminated Ireland on an illegal hand ball earlier this year. I’m Irish, by cultural extraction, so I get to feel this way.

By allowing this tainted win to stand, FIFA did nothing to enhance the perception of fairness in the “beautiful” game.

But, I’m digressing – this article is supposed to be about how cyber crooks are capitalizing on the World Cup, and screwing Internet users in the process.

Aware internet users know, that if an event is newsworthy, cyber criminals will exploit it to their own advantage. It’s no surprise then, that cyber criminals have jumped on the World Cup, and are already exploiting this enormously significant event.

Cybercriminals are experts at exploiting our curiosity surrounding current events, and by focusing on this aspect of social engineering (using a shotgun approach), they are increasingly creating opportunities designed to drop malicious code on our computers. Most of this activity is designed to separate unwitting victims from their money.

Cybercriminals can be much more direct though, in their attempts to separate victims from their money. The bad guys are now using specifically targeted email attacks against high profile officials in inter-governmental organizations, world wide.

Symantec Hosted Services has just reported they “first intercepted a FIFA World Cup related attack at the end of March 2010”, and additional targeted attacks have been uncovered since then. The attack emails are crafted in such a way that recipients are encouraged to open an attached, malicious, World Cup match schedule.

According to Symantec, “should the recipient become lured in, an open excel file will drop an executable on the compromised PC, creating a “backdoor” that bypasses normal authentication, connecting to the hacker’s machine.”

The following graphic is illustrative of the type of emails used by these cyber criminals.

You can learn more about these targeted attacks online at the MessageLabs Intelligence blog.

Additional information in the blog report includes:

What type of file do targeted attacks use the most in their attachments?

How are legitimate websites used in targeted attacks?

What other targeted attacks have arisen during the World Cup?

How can targeted attacks be detected?

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Storm Botnet Bounces Back

“You can’t keep a good man down”, is an old expression that’s familiar to many of us. It seems we could coin a new expression along the same lines – “You can’t keep a bad botnet down”.

Just when you think you’ve knocked them down for good, cyber criminal enterprises seem to magically reappear, and that old familiar spamming botnet, Storm, has raised its ugly head once more.

In a previous article here, Symantec Rubs the 2010 Malware Crystal Ball, in November, 2009, Symantec projected that this reemergence was likely to occur, so Kudos to Symantec – you called this one.

(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

According to Symantec’s MessageLabs Intelligence, they “first saw this new variant of the botnet start spamming on 30 April…. containing links to web pages hosting the well known Canadian Pharmacy site”.

(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

Typically, the email are short and sweet –

Get all the medications you want online!
Disappointed with your bad performance in bed?
great offers to spice it up in bed..
need some help in the bed?
its time to spice up the bed
Safest and approved method of male enhancing have a easier time making her…
Have long strong night in BED!
Get your favorite rxmedications here!
Win from benefits of hidden secret of pornstars!

For more information on this reemerging threat checkout The Return of Storm, on Symantec’s site.

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

LoveBug – Not the Car: The Virus

Computing “old timers”, like me, are sure to remember the LoveBug virus first released in 2000 – but not fondly, I’ll wager. I’ve been told by Virginia Chaves over at Hill & Knowlton, that I should refer to myself not as an “old timer” but instead, as a “a seasoned pro”. I might just try that Virginia.

In any event, I’d quite forgotten the damage that this Worm caused, until I refreshed my memory by reading Symantec’s, MessageLabs Intelligence Special Report on LoveBug.

Surprisingly, for it’s day; even for today for that matter, LoveBug (you might remember it as – I Love You), was ferocious, causing an estimated 10 Billion dollars in damage – and that’s in 2000 valued dollars! Within days after its release into the wild, 1 of every 28 emails was infected by the LoveBug virus.

Looking back, I’m not sure why we were all so surprised with the efficiency of LoveBug – but we were. After all, in the previous year we had been forced to deal with “Melissa” – a highly successful attack, which is generally recognized as the first virus to use e-mail as the distribution channel.

Regular readers are likely to remember, we reported recently that MessageLabs April 2010 report indicated that currently (April 2010), 1 in every 287 emails is packed with a virus (as opposed to the 1 of every 28 e-mails infected by the LoveBug).

So, on the face of it; it may appear we’re making progress. Yet, the cynic in me has major reservation as to the accuracy of that statement. Or maybe, it’s just because I’m an “old timer”, and being cynical in these matters goes with the territory.

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.