Attacks/Breaches
10/15/2010
01:31 PM
Connect Directly
RSS
E-Mail
50%
50%

Phishing Attacks Rise Sharply But Spam Emails Decline

Automated botnet toolkits drive website security breaches, with social networks hit hard, Symantec report reveals.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Phishing attacks have risen sharply even though spam has declined to its lowest level since 2008, a new report reveals.

For September 2010, spam comprised 89.4% of all email, down from 92.5% in August, according to a new report from Symantec. The September total was the lowest level since 2008, when rogue ISP McColo was shut down. Phishing jumped by 52% in September from the month before.

"This [phishing increase] was primarily due to an increase in both automated toolkit attacks and unique phishing websites," said Symantec. Meanwhile, the number of phishing websites -- generated by automatic toolkits -- increased by 46%, unique URLs increased by 83% and phishing websites with all-numeric IP domains -- such as http://255.255.255.255 -- rose by roughly 35%.

One possible explanation for the decline in spam is "the shutdown of spamit.com," as well as the recent string of Zeus arrests made by the FBI and law enforcement agencies abroad.

However, Symantec warned that "if the aftermath of the McColo shutdown is any indication, the volume should gradually return over time." Security experts believe that at its peak, McColo was serving 75% of the world's spam.

Interestingly, Symantec also found that phishing attacks via social networks are rising, with a 38% jump in September from August. Just 79 free website hosting services accounted for 83% of all such attacks, while the others were hosted on websites with newly registered domain names or legitimate domains that had been compromised.

Another frequent scam involved using "typosquat" websites -- domain names with slight misspellings snapped up by attackers and primed to infect any PC that visits via drive-by downloads.

The most-used phishing schemes involved fake prize redemption, poker, porn -- "stating that free pornography is available for viewing upon entering login information” -- or free cell phone airtime.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.