Attacks/Breaches
10/15/2010
01:31 PM
50%
50%

Phishing Attacks Rise Sharply But Spam Emails Decline

Automated botnet toolkits drive website security breaches, with social networks hit hard, Symantec report reveals.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Phishing attacks have risen sharply even though spam has declined to its lowest level since 2008, a new report reveals.

For September 2010, spam comprised 89.4% of all email, down from 92.5% in August, according to a new report from Symantec. The September total was the lowest level since 2008, when rogue ISP McColo was shut down. Phishing jumped by 52% in September from the month before.

"This [phishing increase] was primarily due to an increase in both automated toolkit attacks and unique phishing websites," said Symantec. Meanwhile, the number of phishing websites -- generated by automatic toolkits -- increased by 46%, unique URLs increased by 83% and phishing websites with all-numeric IP domains -- such as http://255.255.255.255 -- rose by roughly 35%.

One possible explanation for the decline in spam is "the shutdown of spamit.com," as well as the recent string of Zeus arrests made by the FBI and law enforcement agencies abroad.

However, Symantec warned that "if the aftermath of the McColo shutdown is any indication, the volume should gradually return over time." Security experts believe that at its peak, McColo was serving 75% of the world's spam.

Interestingly, Symantec also found that phishing attacks via social networks are rising, with a 38% jump in September from August. Just 79 free website hosting services accounted for 83% of all such attacks, while the others were hosted on websites with newly registered domain names or legitimate domains that had been compromised.

Another frequent scam involved using "typosquat" websites -- domain names with slight misspellings snapped up by attackers and primed to infect any PC that visits via drive-by downloads.

The most-used phishing schemes involved fake prize redemption, poker, porn -- "stating that free pornography is available for viewing upon entering login information” -- or free cell phone airtime.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8896
Published: 2014-12-22
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify ...

CVE-2014-8897
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8898
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8899
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.