Attacks/Breaches
10/15/2010
01:31 PM
50%
50%

Phishing Attacks Rise Sharply But Spam Emails Decline

Automated botnet toolkits drive website security breaches, with social networks hit hard, Symantec report reveals.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Phishing attacks have risen sharply even though spam has declined to its lowest level since 2008, a new report reveals.

For September 2010, spam comprised 89.4% of all email, down from 92.5% in August, according to a new report from Symantec. The September total was the lowest level since 2008, when rogue ISP McColo was shut down. Phishing jumped by 52% in September from the month before.

"This [phishing increase] was primarily due to an increase in both automated toolkit attacks and unique phishing websites," said Symantec. Meanwhile, the number of phishing websites -- generated by automatic toolkits -- increased by 46%, unique URLs increased by 83% and phishing websites with all-numeric IP domains -- such as http://255.255.255.255 -- rose by roughly 35%.

One possible explanation for the decline in spam is "the shutdown of spamit.com," as well as the recent string of Zeus arrests made by the FBI and law enforcement agencies abroad.

However, Symantec warned that "if the aftermath of the McColo shutdown is any indication, the volume should gradually return over time." Security experts believe that at its peak, McColo was serving 75% of the world's spam.

Interestingly, Symantec also found that phishing attacks via social networks are rising, with a 38% jump in September from August. Just 79 free website hosting services accounted for 83% of all such attacks, while the others were hosted on websites with newly registered domain names or legitimate domains that had been compromised.

Another frequent scam involved using "typosquat" websites -- domain names with slight misspellings snapped up by attackers and primed to infect any PC that visits via drive-by downloads.

The most-used phishing schemes involved fake prize redemption, poker, porn -- "stating that free pornography is available for viewing upon entering login information” -- or free cell phone airtime.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.