02:41 PM

Phishing, Spam Containing Malware Increase

Spammers seeking to rebuild botnets after legal actions shut down several zombie networks are driving a surge in malware-containing spam according toe Symantec.

Last month saw a surge in malware-containing spam, according to a new study by Symantec. Interestingly, while Symantec said that malware-containing spam never comprised more than 3% of all spam on any given day in 2010, all of that changed in June. "Malware spam made up almost 12% of all spam on June 13th, and topped 5% on June 3rd and 15th," according to the report.

What's behind the increase? According to Symantec, spammers appear to be "trying to make up for the loss of several zombie networks, due to legal actions." In other words, they're pumping out spam with malware in an attempt to build their botnets back up to full strength, adding as many compromised -- aka zombie -- PCs as they can.

Spam-containing malware isn't the only attack that's lately been on the increase. Indeed, from May to June 2010, the incidence of phishing attacks increased by 25%. In part, this was due to the prevalence of attackers using automated toolkits for creating their phishing attacks; the use of such toolkits more than doubled in that timeframe. The number of free webhosting services being used in such attacks also increased by 26% from May to June, to comprise 11% of all phishing attacks.

As always, the primary motive behind phishing attacks appears to be monetary, with 85% of all phishing attacks targeting financial institutions, versus 14% targeting information services companies, and less than 1%, government agencies.

On a positive note, however, the amount of spam in the wild has recently declined. While spam comprised 88.3% of all email messages in June, that was down from 89.8% in May.

In recent months, attackers have also been creating more phishing websites that spoof Google's social networking site Orkut, especially in Brazilian Portuguese, since Orkut's biggest traction is in Brazil, said Symantec. These spoof sites have even been going so far as to mimic Google's changing imagery, often based on popular holidays, such as Earth Day and Mother's Day. This attention to detail may result from the need to trick the maximum number of people during the short window that a phishing site remains active -- just 54 hours, according to Symantec -- before it gets shut down.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-03-27
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.

Published: 2015-03-27
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.

Published: 2015-03-27
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over...

Published: 2015-03-27
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allows remote administrators to read arbitrary files and obtain passwords via a crafted path.

Published: 2015-03-27
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.