Attacks/Breaches
11/6/2013
11:02 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Commtouch Q3 Internet Threats Trend Report Highlights Real-Time Malware Campaigns And Increase In Phishing

Ever-growing exploitation of current news events continued in Q3

MCLEAN, Va., Nov. 6, 2013 /PRNewswire/ -- The third quarter of 2013 saw further use of real-time malware campaigns and a dramatic increase in phishing sites, according to the Q3 Internet Threats Trend Report issued by Commtouch® (NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services.

(Logo: http://photos.prnewswire.com/prnh/20130731/MM56946LOGO)

The ever-growing exploitation of current news events continued in Q3. The time between the news event and the related malware attack has steadily decreased throughout the year and now averages only 22 hours. Real-time malware campaigns in Q3 used news of royal baby Prince George, NSA whistleblower Edward Snowden, and the Syria crisis.

The number of phishing sites increased dramatically during Q3 by almost 35%. PayPal phishing sites alone accounted for approximately 750 new phishing sites each day.

A small decrease of 5% could be seen in the number of malicious websites listed in Commtouch's GlobalView URL database. Travel websites were the most popular website category for malware distributors, followed by transportation and business websites. Education, which was number one in Q2, fell to number six.

"The Q3 Trend Report highlights that the complexity of cybercriminal attacks is increasing," said Lior Kohavi, Chief Technical Officer at Commtouch. "Their campaigns are usually targeting end users - to protect the users, Internet service providers, email hosters, and content providers must be aware of these trends and continually improve their tools to fight these cybercriminals."

Other report highlights:

-- In the third quarter of 2013, spam levels continued to drop. The average daily amount of spam for the quarter was 69 billion messages compared to the second quarter's 83 billion - a drop of approximately 17%. Although the quarterly level is the lowest in more than four years, the average per month had been increasing since June's historic low of 63 billion messages per day until the drop in September. During Q3, spam represented 70% of all emails sent globally, dropping as low as 62% at the start of August. -- The most popular spam topic was dieting with a share of 40.2% (in Q2 it took position three, with 10.8%). Stock spam moved from 7th position (4.7%) in Q2 to 2nd position (20%) - so called penny stock spam could be seen on a regular basis in the last quarter. -- The average daily amount of malware found in emails remained almost unchanged compared to last quarter at nearly 2 billion emails per day. This average hides the steady increase from July to September which included outbreaks of double the daily average. -- India remains the world's top zombie hoster: During the third quarter of 2013, India stayed in first place with the most spam-sending bots - although their share dropped by 6% to 13.2%. Russia appeared to absorb most of this percentage and moved from 8th place into 2nd. New entries include Ukraine, Saudi Arabia, and Spain, while the United States, Serbia, and Mexico dropped out of the top 15. The Commtouch Security Lab's quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch's GlobalView Cloud.

To view the entire Commtouch Q3 Internet Threats Trend Report, visit: www.commtouch.com/threat-report

About Commtouch Commtouch® (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customer's solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch's email, Web, and antivirus capabilities easily integrate into our customers' products and solutions, keeping safe more than 550 million end users. To learn more, visit www.commtouch.com.

-- Blog: http://blog.commtouch.com/cafe -- Facebook: www.facebook.com/commtouch -- LinkedIn: www.linkedin.com/company/commtouch -- Twitter: @Commtouch Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch. All other trademarks are the property of their respective owners.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2021
Published: 2014-10-24
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

CVE-2014-3604
Published: 2014-10-24
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2014-6230
Published: 2014-10-24
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

CVE-2014-6251
Published: 2014-10-24
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.

CVE-2014-7180
Published: 2014-10-24
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.