Symantec has announced the publication of its June 2011 Symantec Intelligence Report, the first Symantec report to combine research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. This month's analysis reveals that spam is currently at the lowest level it has been since the takedown of McColo, a California-based ISP which hosted command and control channels for a number of major botnets, in November 2008.
Since the shutdown of Rustock, the largest spam-sending botnet, in March 2011, the volume of spam in global circulation each day continues to fluctuate. Spam accounted for 72,9% of e-mail in June, returning to the same level as in April earlier this year. According to Symantec Intelligence, 76,6% of this spam was sent by botnets, compared with 83,1% in March.
“Despite the decrease in botnet spam this month, they should still be considered a dangerous force on the Internet. Cybercriminals continue to use botnets to conduct distributed denial of service attacks (DDoS), carry out fraudulent click-throughs on unsuspecting websites for financial gain, host illegal Web site content on infected computers, harvest personal data from infected users and install spyware to track victims' activities online,” said Paul Wood, senior intelligence analyst, Symantec.cloud.
“Spam remains a huge problem and spam levels continue to be unpredictable. Following the disruption of Rustock in March, approximately 36,9 billion spam e-mails were in circulation each day during April. This number rose to 41,7 billion in May, before falling back to 39,2 billion in June. During the same period last year, spam accounted for 121,5 billion e-mails in global circulation each day, equivalent to 89,3% of email traffic in June 2010. Over a 12 month period, a drop of 68,7% in volume resulted in a fall of only 16,4 percentage points in the overall global spam rate,” added Wood.
In the latest analysis, spam relating to pharmaceutical products accounted for 40% of all spam in June 2011, declining from 64,2% at the end of 2010. Spam subject line analysis shows that adult spam continues to flourish.
Last month, Symantec Intelligence also identified a new spam tactic being used, which introduced the ‘Wiki’ name prefix for the promotion of fake pharmaceutical products relating to a new pharmacy brand, WikiPharmacy. The ‘Subject:’ line in these attacks has a lot of randomisation contained in the text. The ‘From:’ header is either fake or a hijacked ISP account that gives a personalised appearance to the e-mail.
Other report highlights:
Spam: In June 2011, the global ratio of spam in e-mail traffic decreased by 2,9% since May 2011 to 72,9% (1 in 1,37 e-mails).
Phishing: In June, phishing activity decreased by 0,06% since May 2011; one in 286,7 e-mails (0,349%) comprised some form of phishing attack.
E-mail-borne threats: The global ratio of e-mail-borne viruses in e-mail traffic was one in 300,7 e-mails (0,333%) in June, a decrease of 0,117 percentage points since May 2011.
Web-based malware threats: In June, MessageLabs Intelligence identified an average of 5415 Web sites each day harbouring malware and other potentially unwanted programs including spyware and adware; an increase of 70,8% since May 2011.
Endpoint threats: The most frequently blocked malware for the last month was W32.Ramnit!html. This is a generic detection for .HTML files infected by W32.Ramnit, a worm that spreads through removable drives and by infecting executable files. The worm spreads by encrypting and then appending itself to files with .DLL, .EXE and .HTM extensions.
South Africa remained the most targeted geography for phishing e-mails in June, with 1 in 111,7 e-mails identified as phishing attacks.
Vertical trends:
The Public Sector remained the most targeted by phishing activity in June, with 1 in 83,7 e-mails comprising a phishing attack. Phishing levels for the Chemical & Pharmaceutical sector were 1 in 897,3 and 1 in 798,3 for the IT Services sector; 1 in 663,2 for Retail, 1 in 151.4 for Education and 1 in 160,8 for Finance.
With 1 in 73,1 e-mails being blocked as malicious, the Public Sector remained the most targeted industry in June. Virus levels for the Chemical & Pharmaceutical sector were 1 in 509,4 and 1 in 513,8 for the IT Services sector; 1 in 532,8 for Retail, 1 in 130,4 for Education and 1 in 182,3 for Finance.
The June 2011 Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.symanteccloud.com/globalthreats/overview/r_mli_reports
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version