Attacks/Breaches
8/12/2010
02:04 PM
50%
50%

Symantec Finds 92% Of All E-Mail Is Spam

Report also says phishing is down despite the rise of a new Live-Chat based attack that tries to trick people into giving up personal details.

Spam is on the rise, and as of July 2010 comprises 92% of all e-mail messages, up from 89% just one year ago, according to a new Symantec study of spam and phishing trends.

Alarmingly, Symantec has also discovered a new type of attack that spoofs an e-commerce website's "live chat" feature that targets a person's login ID and password for the legitimate e-commerce site. "The phishing site involved bogus chat sessions to help the page look more authentic, trying to give customers the impression that the phishing website was interactive," said Symantec.

On the good news front, however, the amount of spam containing a phishing attack declined from June to July of this year by 5%.

Likewise, the number of different kinds of phishing attacks overall has been declining. In particular, the number of unique phishing websites -- created by automatic attack toolkits -- decreased by 60% from June to July, though the number of unique URLs used in phishing attacks increased by 10%.

In addition, non-English phishing sites -- especially in French and Italian -- have been continuing to grow, increasing by 15% from June to July of this year.

Spammers, ever topical, also continue to shift their tactics. A year ago, Barack Obama and Michael Jackson led the spam subject-line charts, while this past June the World Cup dominated. In July 2010, however, the most-seen spam subject line was "claim your part of the $20 billion BP oil fund."

Regional variations, however, are in full effect. Cruelly, Russian spammers are blanketing their country -- in the grip of a combined heat wave and wildfires of unknown magnitude -- with false advertisements for air conditioners.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVE-2014-2716
Published: 2014-12-19
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.