Attacks/Breaches
11/6/2013
11:02 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Commtouch Q3 Internet Threats Trend Report Highlights Real-Time Malware Campaigns And Increase In Phishing

Ever-growing exploitation of current news events continued in Q3

MCLEAN, Va., Nov. 6, 2013 /PRNewswire/ -- The third quarter of 2013 saw further use of real-time malware campaigns and a dramatic increase in phishing sites, according to the Q3 Internet Threats Trend Report issued by Commtouch® (NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services.

(Logo: http://photos.prnewswire.com/prnh/20130731/MM56946LOGO)

The ever-growing exploitation of current news events continued in Q3. The time between the news event and the related malware attack has steadily decreased throughout the year and now averages only 22 hours. Real-time malware campaigns in Q3 used news of royal baby Prince George, NSA whistleblower Edward Snowden, and the Syria crisis.

The number of phishing sites increased dramatically during Q3 by almost 35%. PayPal phishing sites alone accounted for approximately 750 new phishing sites each day.

A small decrease of 5% could be seen in the number of malicious websites listed in Commtouch's GlobalView URL database. Travel websites were the most popular website category for malware distributors, followed by transportation and business websites. Education, which was number one in Q2, fell to number six.

"The Q3 Trend Report highlights that the complexity of cybercriminal attacks is increasing," said Lior Kohavi, Chief Technical Officer at Commtouch. "Their campaigns are usually targeting end users - to protect the users, Internet service providers, email hosters, and content providers must be aware of these trends and continually improve their tools to fight these cybercriminals."

Other report highlights:

-- In the third quarter of 2013, spam levels continued to drop. The average daily amount of spam for the quarter was 69 billion messages compared to the second quarter's 83 billion - a drop of approximately 17%. Although the quarterly level is the lowest in more than four years, the average per month had been increasing since June's historic low of 63 billion messages per day until the drop in September. During Q3, spam represented 70% of all emails sent globally, dropping as low as 62% at the start of August. -- The most popular spam topic was dieting with a share of 40.2% (in Q2 it took position three, with 10.8%). Stock spam moved from 7th position (4.7%) in Q2 to 2nd position (20%) - so called penny stock spam could be seen on a regular basis in the last quarter. -- The average daily amount of malware found in emails remained almost unchanged compared to last quarter at nearly 2 billion emails per day. This average hides the steady increase from July to September which included outbreaks of double the daily average. -- India remains the world's top zombie hoster: During the third quarter of 2013, India stayed in first place with the most spam-sending bots - although their share dropped by 6% to 13.2%. Russia appeared to absorb most of this percentage and moved from 8th place into 2nd. New entries include Ukraine, Saudi Arabia, and Spain, while the United States, Serbia, and Mexico dropped out of the top 15. The Commtouch Security Lab's quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch's GlobalView Cloud.

To view the entire Commtouch Q3 Internet Threats Trend Report, visit: www.commtouch.com/threat-report

About Commtouch Commtouch® (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customer's solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch's email, Web, and antivirus capabilities easily integrate into our customers' products and solutions, keeping safe more than 550 million end users. To learn more, visit www.commtouch.com.

-- Blog: http://blog.commtouch.com/cafe -- Facebook: www.facebook.com/commtouch -- LinkedIn: www.linkedin.com/company/commtouch -- Twitter: @Commtouch Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch. All other trademarks are the property of their respective owners.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.