Tag Archives: MessageLabs Intelligence

Symantec Hosted Services 2010 Security Report Released

imageLooking back at what we’ve experienced in the past, enhances our ability to look ahead, and as high level computer users’ (the majority of readers on this site), it’s important to try to get a feel for what we’re likely to encounter in the malware threat landscape in the coming year.

Symantec Hosted Services, MessageLabs Intelligence division, has just released it’s annual security report which presents, in some detail, data on the types of diversified attacks we had to content with this past year.

As a precursor of things to come, Symantec predicts that in 2011 – “botnet controllers will resort to employing steganography techniques to control their computers.

This means hiding their commands in plain view – perhaps within images or music files distributed through file sharing or social networking web sites. This approach will allow criminals to surreptitiously issue instructions to their botnets without relying on an ISP to host their infrastructure thus minimizing the chances of discovery”.

If the past is a reasonable predictor of the future, and it’s almost certain that it is, then it we’re in for another rough year.

2010 Report highlights:

Web Security: For 2010, the average number of new malicious websites blocked each day rose to 3,066 compared to 2,465 for 2009, an increase of 24.3 percent. MessageLabs Intelligence identified malicious web threats on 42,926 distinct domains, the majority of which were compromised legitimate domains.

Spam: In 2010 the annual average global spam rate was 89.1 percent, an increase of 1.4 percent on the 2009. In August, the global spam rate peaked at 92.2 percent when the proportion of spam sent from botnets rose to 95 percent as a new variant of the Rustock botnet was seeded and quickly put to use.

Viruses: In 2010, the average rate for malware contained in email traffic was 1 in 284.2 emails (0.352 percent) almost unchanged when compared with 1 in 286.4 (0.349%) for 2009. In 2010, over 115.6 million emails were blocked by Skeptic™ representing an increase of 58.1 percent compared with 2009. There were 339.673 different malware strains identified in the malicious emails blocked. This represents more than a hundred fold increase over 2009 and is due to growth in polymorphic malware variants.

Phishing: In 2010, the average ratio of email traffic blocked as phishing attacks was 1 in 444.5 (0.23 percent), compared with 1 in 325.2 (0.31 percent) in 2009. Approximately 95.1 billion phishing emails were projected to be in circulation in 2010.

Being aware of the shape of the Internet landscape, and the changes that are occurring, or may occur in that landscape, now, more than ever, is a necessity – a prerequisite to protecting yourself and your computer from cybercriminal attack. Forewarned is forearmed, needs to be your guiding light – appropriate knowledge will act as your shield.

Symantec’s latest MessageLabs Intelligence Report is scary stuff, and I encourage you to read this report which will give you some indication of where we’re likely headed, and what we’ll have to deal with.

The annual MessageLabs Intelligence Report provides greater detail on all the trends and figures noted above, as well as more detailed trends for 2010. The full report is available here.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Interconnectivity, Malware Advisories, MessageLabs, Point of View, Reports, Symantec

Symantec MessageLabs Intelligence October 2010 Report – Targeted Email Attacks On The Rise

imageEven in a world where Internet threats present an ever evolving and increasingly sophisticated danger to businesses, targeted email attacks are the most potent of all – potentially dealing  devastating short and long-term damage to the victims.

Counter to intuitive thinking, a high degree of sophistication gives these low volume, highly personalized emails an edge, and a higher probability of success than mass email blasts.

The goal of targeted attacks is simple – an attempt to gain access to specific sensitive data, intellectual property or confidential internal systems, by targeting specific individuals and companies.

According to Symantec Hosted Services, targeted attacks on the retail sector took a big jump in October, with 25 percent of all targeted attacks directed at this economic sector.

When you consider that in the previous 2 years, less than half of one percent of targeted email attacks were directed at the retail sector – versus the 25% discovered by Symantec Hosted Services in October, it’s evident cyber crooks have a razor sharp focus on the retail sector.

The spam landscape changes constantly, and while your industry sector may not be in the crosshairs currently, given that 200 and 300 organizations are targeted each month with the industry sector varying, it may be only a matter of time.

Knowledge is power, and as computer users we need as much power as we can get in order to stay safe on the Internet, so I encourage you to read the highlights of MessageLabs Intelligence October report, just released today. The full report is available here.

Selected report highlights:

Spam: In October 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 87.5 percent (1 in 1.4 emails), a decrease of 4.2 percentage points since September.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 221.9 emails (0.45 percent) in October, an decrease of .01 percentage points since September. In October, 23.1 percent of email-borne malware contained links to malicious websites, an increase of 15.5 percentage points since September.

Endpoint Threats: Threats against endpoint devices such as laptops, PCs and servers may penetrate an organization in a number of ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Phishing: In October, phishing activity was 1 in 488.0 emails (0.20 percent), a decrease of 0.06 percentage points since September.

Web security: Analysis of web security activity shows that 51.3 percent of malicious domains blocked were new in October, an increase of 17.7 percentage points since September. Additionally, 24.7 percent of all web-based malware blocked was new in October, an increase of 2.9 percentage points since last month. MessageLabs Intelligence also identified an average of 2,280 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 23.9 percent since September.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Security Alerts, Malware Advisories, MessageLabs, Symantec, trojans, worms

Aussie or Kiwi? – Stay Clear Of This McDonald’s Survey Phishing Scam

image Would you fill out a survey, sponsored by McDonald’s, if they paid you 90 dollars for doing it? I’ll go out on a limb here and say – yes you would.  🙂  Just like most offers that sound overly attractive though – this offer is a scam.

Jump into this one, and you’ll stand a good chance of losing your credit card information. So, no 90 dollars; just a real messy credit cleanup to look forward to.

According to Symantec Hosted Services unit, MessageLabs Intelligence, this scam (so far limited to Australia and New Zealand), is not only plausible, but in appearance, it could easily pass for the real thing.

image

Image courtesy of Symantec.

Filling out the survey form really isn’t the hook – that comes later. Clicking on the “proceed” link (this is where you get the 90 bucks), opens the following screen.

image

Image courtesy of Symantec.

If, at this point, you don’t hear a loud WTF, resonating in your head – you’re about to become a cyber crime victim.

The rest of us (non Australian or New Zealanders), shouldn’t be complacent because, for the moment, this scam is appearing only in that part of the world. If this scam works there, and I suspect it will work very well, there’s little doubt it will soon be on it’s way to you’re inbox.

For additional information on this scam checkout Nick Johnston’s Blog post over at the Symantec Hosted Services Blog.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under Windows Tips and Tools

Symantec Discovers An Airport Internet Terminal Security Threat

Nick Johnston, Senior Software Engineer at Symantec Hosted Services, has just posted a warning on the MessageLabs Intelligence Blog – Scareware Haunts Airport Internet Terminals, that all air travelers should read.

Here’s a preview –

This year, people traveling by air have had to contend with disruption caused by the volcanic ash cloud from the Eyjafjallajökull eruption in Iceland, industrial action and tour operators collapsing. But while traveling ourselves, we noticed another threat: airport Internet terminals infected with malware.

Many airports have public Internet terminals for passengers without their own laptops to check email or browse the Web. In a large airport in England, we noticed one terminal with an usual “Defense Center Installer” dialog box. “Defense Center Installer” is a fake anti-virus software, also known as “scareware”.

This type of malware claims that a user is infected with a virus, and encourages them to buy the full version of the software to …….

To read the rest of this article, visit the MessageLabs Intelligence Blog.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

3 Comments

Filed under cybercrime, Don't Get Hacked, Internet Security Alerts, Malware Advisories, MessageLabs, Online Safety, Recommended Web Sites, scareware, Symantec, Windows Tips and Tools

MessageLabs Intelligence: Botnets On The Rise – Pushing Out 11% More Spam

I wrote an article, in June of this year, on FIFA World Cup spammers that turned out to be a popular article (over 4,000 reads) – so, I’ve decided Spam isn’t all bad after all.  🙂

I’m being more than a little facetious, of course. Spam, without a doubt, is one the worst things about the Internet.

MessageLabs Intelligence August 2010, report indicates (surprise, surprise), that there’s been a recent minor reduction in the total amount of spam in circulation. Offsetting this slightly good news though; the same report makes the point that spam, generated by botnets, has increased to 95 percent of all spam – up 11% in just five months.

The Rustock botnet continues to be the main culprit, pumping out 41 percent of all spam in August. This, despite the fact that the Rustock botnet has been reduced in size by roughly half.

Before you think that’s because we’re better at catching botneted machines – it’s not. The fact is, the Rustock botnet is now faster, and more efficient, because it no longer uses TLS encryption.

Selected stats from the report:

This month, there were a significant number of yet-to-be classified botnets responsible for spending 17.6 percent of all spam.

The UK was responsible for 4.5 percent of the world’s spam, more than double the percentage in April, and the UK is now the fourth most frequent source of spam behind the US, India and Brazil.

The US is home to the greatest number of bots, most notably Rustock, Storm and Asprox.

A PDF version of the full report including additional findings on spam and security threats is available here.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

1 Comment

Filed under cybercrime, Don't Get Scammed, Email, email scams, MessageLabs, Reports, spam, Symantec, Windows Tips and Tools

Spammers Trigger Your Behavior By Using Just The Right Words

Spam is not just spam – there’s plain old sales spam; malware spam; phishing spam; targeted attack spam …….

As I write this, I can’t help but remember Bubba, in the movie Forrest Gump, describing shrimp – “There’s shrimp-kabobs, shrimp creole, shrimp gumbo. Pan fried, deep fried, stir-fried. There’s pineapple shrimp, lemon shrimp, coconut shrimp, pepper shrimp, shrimp soup, shrimp stew, shrimp salad, shrimp burger, shrimp sandwich ………” Spam is kind of like Bubba’s shrimp – you can do a lot with spam.

While spam may often appear to be a chaotic mess – don’t believe it. Spammers are smart – very smart. Spam, at its core is a form of advertising; advertising that works.

Words, in good advertising, pack a punch. And, spammers are increasingly relying on “power words” which pack a punch. Power words designed to impact, to provide impetus for action,  and not surprisingly, to engage your subconscious.

Symantec Hosted Services security experts, have detected patterns in spam word usage; identifying the most commonly used words in specific types of spam, as the following graphics illustrate..

Sales spam word usage.

image

Malware word usage.

image

Phishing word usage.

image

Targeted attack word usage.

image

For additional information on this issue, read Symantec’s Mathew Nisbet’s Blog post here. Reading this type of article is certainly educational, and can be a major step in expanding that sense of threat awareness that active Internet users’ require.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Comments Off on Spammers Trigger Your Behavior By Using Just The Right Words

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, internet scams, MessageLabs, spam, Symantec, Windows Tips and Tools

Shortened URLs – One More Thing To Worry About

image I’ve always though that shortened URLs were one of the dumbest things to ever come down the Internet highway. Given the state of Internet security, who in their right mind would click on a link that looks like this – http://om.ly/2efrq, in an email (for example), as opposed to a link that looks like this – https://billmullins.wordpress.com/.

Anyone who clicks on a shortened URL, in my view, is surfing the Net with their eyes shut. I’m not suggesting that a legitimate looking link is any safer, but at least you should have some idea where it is you’re supposed to end up.

We shouldn’t be too surprised then, to see email spammers (who use every tactic available), take advantage of the obstrufication cause by shortened URLs. Shortened URLs are, in a real sense, hidden web addresses.

There’s little surprise then, that according to the July 2010 MessageLabs Intelligence Report, shortened URLs in spam, are fast becoming a sustained spamming tactic due to loop holes in CAPTCHA requirements for the tiny links, and free-of-charge URL shortening services.

Highlights from Symantec’s July 2010 MessageLabs Intelligence Report:

Spam: In July 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 88.9 percent (1 in 1.12 emails), a decrease of 0.4 percentage points since June.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 306.1 emails (0.327 percent) in July, a decrease of 0.04 percentage points since June. In July, 17.1 percent of email-borne malware contained links to malicious websites, an increase of .4 percentage points since June.

Endpoint Threats: Threats against endpoint devices such as laptops, PCs and servers may penetrate an organization in a number of ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Phishing: In July, phishing activity was 1 in 557.5 emails (0.179 percent) an increase of 0.02 percentage points since June. When judged as a proportion of all email-borne threats such as viruses and Trojans, the proportion of phishing emails had decreased by 3.2 percentage points to 60.2 percent of all email-borne malware and phishing threats combined.

Web security: Analysis of web security activity shows that 30.5 percent of malicious domains blocked were new in July, an increase of 0.2 percentage points since June. Additionally, 13.0% of all web-based malware blocked was new in July; an increase of 0.5 percentage points since last month. MessageLabs Intelligence also identified an average of 4,425 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 176.9 percent since June.

The July 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at here.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

17 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, internet scams, Internet Security Alerts, MessageLabs, Online Safety, Symantec, Windows Tips and Tools