02:41 PM

Phishing, Spam Containing Malware Increase

Spammers seeking to rebuild botnets after legal actions shut down several zombie networks are driving a surge in malware-containing spam according toe Symantec.

Last month saw a surge in malware-containing spam, according to a new study by Symantec. Interestingly, while Symantec said that malware-containing spam never comprised more than 3% of all spam on any given day in 2010, all of that changed in June. "Malware spam made up almost 12% of all spam on June 13th, and topped 5% on June 3rd and 15th," according to the report.

What's behind the increase? According to Symantec, spammers appear to be "trying to make up for the loss of several zombie networks, due to legal actions." In other words, they're pumping out spam with malware in an attempt to build their botnets back up to full strength, adding as many compromised -- aka zombie -- PCs as they can.

Spam-containing malware isn't the only attack that's lately been on the increase. Indeed, from May to June 2010, the incidence of phishing attacks increased by 25%. In part, this was due to the prevalence of attackers using automated toolkits for creating their phishing attacks; the use of such toolkits more than doubled in that timeframe. The number of free webhosting services being used in such attacks also increased by 26% from May to June, to comprise 11% of all phishing attacks.

As always, the primary motive behind phishing attacks appears to be monetary, with 85% of all phishing attacks targeting financial institutions, versus 14% targeting information services companies, and less than 1%, government agencies.

On a positive note, however, the amount of spam in the wild has recently declined. While spam comprised 88.3% of all email messages in June, that was down from 89.8% in May.

In recent months, attackers have also been creating more phishing websites that spoof Google's social networking site Orkut, especially in Brazilian Portuguese, since Orkut's biggest traction is in Brazil, said Symantec. These spoof sites have even been going so far as to mimic Google's changing imagery, often based on popular holidays, such as Earth Day and Mother's Day. This attention to detail may result from the need to trick the maximum number of people during the short window that a phishing site remains active -- just 54 hours, according to Symantec -- before it gets shut down.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

Published: 2015-05-01
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

Published: 2015-05-01
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.