Attacks/Breaches
10/15/2010
01:31 PM
Connect Directly
RSS
E-Mail
50%
50%

Phishing Attacks Rise Sharply But Spam Emails Decline

Automated botnet toolkits drive website security breaches, with social networks hit hard, Symantec report reveals.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Phishing attacks have risen sharply even though spam has declined to its lowest level since 2008, a new report reveals.

For September 2010, spam comprised 89.4% of all email, down from 92.5% in August, according to a new report from Symantec. The September total was the lowest level since 2008, when rogue ISP McColo was shut down. Phishing jumped by 52% in September from the month before.

"This [phishing increase] was primarily due to an increase in both automated toolkit attacks and unique phishing websites," said Symantec. Meanwhile, the number of phishing websites -- generated by automatic toolkits -- increased by 46%, unique URLs increased by 83% and phishing websites with all-numeric IP domains -- such as http://255.255.255.255 -- rose by roughly 35%.

One possible explanation for the decline in spam is "the shutdown of spamit.com," as well as the recent string of Zeus arrests made by the FBI and law enforcement agencies abroad.

However, Symantec warned that "if the aftermath of the McColo shutdown is any indication, the volume should gradually return over time." Security experts believe that at its peak, McColo was serving 75% of the world's spam.

Interestingly, Symantec also found that phishing attacks via social networks are rising, with a 38% jump in September from August. Just 79 free website hosting services accounted for 83% of all such attacks, while the others were hosted on websites with newly registered domain names or legitimate domains that had been compromised.

Another frequent scam involved using "typosquat" websites -- domain names with slight misspellings snapped up by attackers and primed to infect any PC that visits via drive-by downloads.

The most-used phishing schemes involved fake prize redemption, poker, porn -- "stating that free pornography is available for viewing upon entering login information” -- or free cell phone airtime.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2006-1318
Published: 2014-09-19
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVE-2012-2588
Published: 2014-09-19
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.

CVE-2012-6659
Published: 2014-09-19
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-1391
Published: 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

CVE-2014-3614
Published: 2014-09-19
Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.

Best of the Web
Dark Reading Radio