Attacks/Breaches
11/6/2013
11:02 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Commtouch Q3 Internet Threats Trend Report Highlights Real-Time Malware Campaigns And Increase In Phishing

Ever-growing exploitation of current news events continued in Q3

MCLEAN, Va., Nov. 6, 2013 /PRNewswire/ -- The third quarter of 2013 saw further use of real-time malware campaigns and a dramatic increase in phishing sites, according to the Q3 Internet Threats Trend Report issued by Commtouch® (NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services.

(Logo: http://photos.prnewswire.com/prnh/20130731/MM56946LOGO)

The ever-growing exploitation of current news events continued in Q3. The time between the news event and the related malware attack has steadily decreased throughout the year and now averages only 22 hours. Real-time malware campaigns in Q3 used news of royal baby Prince George, NSA whistleblower Edward Snowden, and the Syria crisis.

The number of phishing sites increased dramatically during Q3 by almost 35%. PayPal phishing sites alone accounted for approximately 750 new phishing sites each day.

A small decrease of 5% could be seen in the number of malicious websites listed in Commtouch's GlobalView URL database. Travel websites were the most popular website category for malware distributors, followed by transportation and business websites. Education, which was number one in Q2, fell to number six.

"The Q3 Trend Report highlights that the complexity of cybercriminal attacks is increasing," said Lior Kohavi, Chief Technical Officer at Commtouch. "Their campaigns are usually targeting end users - to protect the users, Internet service providers, email hosters, and content providers must be aware of these trends and continually improve their tools to fight these cybercriminals."

Other report highlights:

-- In the third quarter of 2013, spam levels continued to drop. The average daily amount of spam for the quarter was 69 billion messages compared to the second quarter's 83 billion - a drop of approximately 17%. Although the quarterly level is the lowest in more than four years, the average per month had been increasing since June's historic low of 63 billion messages per day until the drop in September. During Q3, spam represented 70% of all emails sent globally, dropping as low as 62% at the start of August. -- The most popular spam topic was dieting with a share of 40.2% (in Q2 it took position three, with 10.8%). Stock spam moved from 7th position (4.7%) in Q2 to 2nd position (20%) - so called penny stock spam could be seen on a regular basis in the last quarter. -- The average daily amount of malware found in emails remained almost unchanged compared to last quarter at nearly 2 billion emails per day. This average hides the steady increase from July to September which included outbreaks of double the daily average. -- India remains the world's top zombie hoster: During the third quarter of 2013, India stayed in first place with the most spam-sending bots - although their share dropped by 6% to 13.2%. Russia appeared to absorb most of this percentage and moved from 8th place into 2nd. New entries include Ukraine, Saudi Arabia, and Spain, while the United States, Serbia, and Mexico dropped out of the top 15. The Commtouch Security Lab's quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch's GlobalView Cloud.

To view the entire Commtouch Q3 Internet Threats Trend Report, visit: www.commtouch.com/threat-report

About Commtouch Commtouch® (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customer's solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch's email, Web, and antivirus capabilities easily integrate into our customers' products and solutions, keeping safe more than 550 million end users. To learn more, visit www.commtouch.com.

-- Blog: http://blog.commtouch.com/cafe -- Facebook: www.facebook.com/commtouch -- LinkedIn: www.linkedin.com/company/commtouch -- Twitter: @Commtouch Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch. All other trademarks are the property of their respective owners.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2595
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

CVE-2013-2597
Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

CVE-2013-2598
Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

CVE-2013-2599
Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

CVE-2013-6124
Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.