7/9/2010
02:41 PM

Phishing, Spam Containing Malware Increase

Spammers seeking to rebuild botnets after legal actions shut down several zombie networks are driving a surge in malware-containing spam, according to Symantec.

Last month saw a surge in malware-containing spam, according to a new study by Symantec. Interestingly, while Symantec said that malware-containing spam never comprised more than 3% of all spam on any given day in 2010, all of that changed in June. "Malware spam made up almost 12% of all spam on June 13th, and topped 5% on June 3rd and 15th," according to the report.

What's behind the increase? According to Symantec, spammers appear to be "trying to make up for the loss of several zombie networks, due to legal actions." In other words, they're pumping out spam with malware in an attempt to build their botnets back up to full strength, adding as many compromised -- aka zombie -- PCs as they can.

Malware-containing spam isn't the only attack that's lately been on the increase. Indeed, from May to June 2010, the incidence of phishing attacks increased by 25%. In part, this was due to the prevalence of attackers using automated toolkits for creating their phishing attacks; the use of such toolkits more than doubled in that timeframe. The number of free webhosting services being used in such attacks also increased by 26% from May to June, to comprise 11% of all phishing attacks.

As always, the primary motive behind phishing attacks appears to be monetary, with 85% of all phishing attacks targeting financial institutions, versus 14% targeting information services companies and less than 1% targeting government agencies.

On a positive note, however, the amount of spam in the wild has recently declined. While spam comprised 88.3% of all email messages in June, that was down from 89.8% in May.

In recent months, attackers have also been creating more phishing websites that spoof Google's social networking site Orkut, especially in Brazilian Portuguese, since Orkut's biggest traction is in Brazil, said Symantec. These spoof sites have even been going so far as to mimic Google's changing imagery, often based on popular holidays, such as Earth Day and Mother's Day. This attention to detail may result from the need to trick the maximum number of people during the short window that a phishing site remains active -- just 54 hours, according to Symantec -- before it gets shut down.
