2/24/2009
10:23 AM
Dark Reading

Symantec Announces February 2009 MessageLabs Intelligence Report

Cybercriminals embrace the recession and romance while targeted trojans try new fake header techniques

CUPERTINO, Calif. - February 24, 2009 - Symantec Corp. (Nasdaq: SYMC) today announced the publication of its February 2009 MessageLabs Intelligence Report. Analysis highlights that although spam declined by 1.3 percent to 73.3 percent of all emails in February, levels as high as 79.5 percent were experienced at the start of the month due to a spike in botnet activity and spammers leveraging the financial crisis and Valentine's Day for their latest spam antics.

"February saw the spammers pulling at both the heart and the purse strings with the emphasis on Valentine's Day and the global recession. Although spam levels declined slightly this month, the level of activity around Valentine's themed spam reached unprecedented highs accounting for nine percent of all spam messages," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. "With the financial crisis front of mind for many organizations and consumers, spammers and phishers are using this topic to their advantage and targeting people when times are tough."

For the first time in more than a year, February saw the re-appearance of search engine re-directs which topically referenced the financial crisis. The 'recession spam' email messages contained text such as "Money is tight, times are hard. Christmas is over. Time to get a new watch!" The phishing community also used the current financial climate to their advantage; at a time when concerned consumers may not be surprised to hear from their banks, phishing attacks have risen to one in 190.4 emails, from one in 396.2 in January 2009. Since the beginning of February, the proportion of Valentine's Day themed spam rose from two percent to more than nine percent, with the vast majority of this type of spam, almost seven percent, originating from the Cutwail (Pandex) botnet. Currently the largest botnet, Cutwail dedicated approximately 90 percent of its output to Valentine's Day messages, estimated at seven billion each day.

Finally, MessageLabs Intelligence intercepted a new technique involving forged headers on targeted Trojan attacks. Added to an email as it is passed between two mail servers, headers act as a vapour trail so that the path of that email can be tracked. With many attackers not bothering to include headers as a means of falsely authenticating their emails, the use of real-world examples in the most recent attempts made the email stand out as being suspicious.

Other report highlights:

Web security: Analysis of Web security activity shows that 26.1 percent of all web-based malware intercepted was new in February. MessageLabs Intelligence also identified an average of 941 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 22.1 percent since January.

Spam: In February 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 73.3 percent (1 in 1.36 emails), a decrease of 1.3 percent since January.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 304.9 emails (0.33 percent), a decrease of 0.06 percent since January. In February, 3.7 percent of email-borne malware contained links to malicious sites, a decrease of 7.6 percent since January.

Phishing: One in 190.4 (0.53 percent) emails comprised some form of phishing attack, rising significantly since January 2009 levels of one in 396.2 emails. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 3.4 percent to 61.6 percent of all email-borne malware threats intercepted in February.

Geographical Trends: Spam levels in France fell by 9.2 percent in February; however, France retained its position as the most spammed country with levels reaching 74.6 percent of all email. All countries received a slight reprieve from spam this month with spam levels in the US falling to 57 percent, 52.6 percent in Canada and 66.6 percent in the UK. Germany's spam rate reached 69.1 percent and 67.4 percent in the Netherlands. Spam levels in Australia were 68.5 percent, 72.8 percent in Hong Kong, 67.8 percent in China and 65.6 percent in Japan. Virus activity in India rose by 0.16 percent to 1 in 197.4 emails, placing it in the top position for viruses. Virus levels for the UK were 213.3, 1 in 424.5 for the US, 1 in 217.1 for Canada and 1 in 573.8 for Australia. Virus levels for Germany were 1 in 203.6 and in Japan they reached 1 in 450.8.

Vertical Trends: In February, the most spammed industry sector with a spam rate of 67.9 percent was the Education sector. Chemical and Pharmaceutical sector spam levels reached 59.8 percent, 63.3 percent for Retail, 62.5 percent for Public Sector and 58.9 percent for Finance. Virus activity in the Accommodation & Catering sector rose by 0.42 percent, taking the vertical to the top of the table with 1 in 95.5 emails being infected. Virus levels for the IT Services sector were 1 in 347.5, 1 in 356.4 for Retail and 1 in 505.5 for Finance.

The February 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx. Symantec's MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
