Attacks/Breaches
11/6/2013
11:02 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Commtouch Q3 Internet Threats Trend Report Highlights Real-Time Malware Campaigns And Increase In Phishing

Ever-growing exploitation of current news events continued in Q3

MCLEAN, Va., Nov. 6, 2013 /PRNewswire/ -- The third quarter of 2013 saw further use of real-time malware campaigns and a dramatic increase in phishing sites, according to the Q3 Internet Threats Trend Report issued by Commtouch® (NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services.

(Logo: http://photos.prnewswire.com/prnh/20130731/MM56946LOGO)

The ever-growing exploitation of current news events continued in Q3. The time between the news event and the related malware attack has steadily decreased throughout the year and now averages only 22 hours. Real-time malware campaigns in Q3 used news of royal baby Prince George, NSA whistleblower Edward Snowden, and the Syria crisis.

The number of phishing sites increased dramatically during Q3 by almost 35%. PayPal phishing sites alone accounted for approximately 750 new phishing sites each day.

A small decrease of 5% could be seen in the number of malicious websites listed in Commtouch's GlobalView URL database. Travel websites were the most popular website category for malware distributors, followed by transportation and business websites. Education, which was number one in Q2, fell to number six.

"The Q3 Trend Report highlights that the complexity of cybercriminal attacks is increasing," said Lior Kohavi, Chief Technical Officer at Commtouch. "Their campaigns are usually targeting end users - to protect the users, Internet service providers, email hosters, and content providers must be aware of these trends and continually improve their tools to fight these cybercriminals."

Other report highlights:

-- In the third quarter of 2013, spam levels continued to drop. The average daily amount of spam for the quarter was 69 billion messages compared to the second quarter's 83 billion - a drop of approximately 17%. Although the quarterly level is the lowest in more than four years, the average per month had been increasing since June's historic low of 63 billion messages per day until the drop in September. During Q3, spam represented 70% of all emails sent globally, dropping as low as 62% at the start of August. -- The most popular spam topic was dieting with a share of 40.2% (in Q2 it took position three, with 10.8%). Stock spam moved from 7th position (4.7%) in Q2 to 2nd position (20%) - so called penny stock spam could be seen on a regular basis in the last quarter. -- The average daily amount of malware found in emails remained almost unchanged compared to last quarter at nearly 2 billion emails per day. This average hides the steady increase from July to September which included outbreaks of double the daily average. -- India remains the world's top zombie hoster: During the third quarter of 2013, India stayed in first place with the most spam-sending bots - although their share dropped by 6% to 13.2%. Russia appeared to absorb most of this percentage and moved from 8th place into 2nd. New entries include Ukraine, Saudi Arabia, and Spain, while the United States, Serbia, and Mexico dropped out of the top 15. The Commtouch Security Lab's quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch's GlobalView Cloud.

To view the entire Commtouch Q3 Internet Threats Trend Report, visit: www.commtouch.com/threat-report

About Commtouch Commtouch® (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customer's solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch's email, Web, and antivirus capabilities easily integrate into our customers' products and solutions, keeping safe more than 550 million end users. To learn more, visit www.commtouch.com.

-- Blog: http://blog.commtouch.com/cafe -- Facebook: www.facebook.com/commtouch -- LinkedIn: www.linkedin.com/company/commtouch -- Twitter: @Commtouch Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch. All other trademarks are the property of their respective owners.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

CVE-2015-0528
Published: 2015-03-29
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.

CVE-2015-0996
Published: 2015-03-29
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive info...

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.