5/1/2013
07:43 PM
Dark Reading
Products and Releases

Commtouch Q1 Internet Threats Trend Report Highlights Strong Increase In Spam And Dangerous Email

100 billion spam and 1 billion malware emails daily

MCLEAN, Virginia, May 1, 2013 /PRNewswire/ --

Unwanted and dangerous email increased dramatically in the first quarter of 2013, according to a Q1 Internet Threats Trend Report issued by Commtouch(R) (NASDAQ: CTCH), a leading provider of Internet security technology and cloud-based services. During the first quarter of 2013, an average of 97.4 billion spam emails and 973 million malware emails were sent worldwide each day.

In March, the number of daily spam emails significantly exceeded the 100 billion mark (117.8 billion).

Spam levels doubled between December 2012 and March 2013, a 98% increase.

Phishing also increased dramatically, with the number of phishing emails swelling by more than 74% in March, compared to the previous December.

The largest increase, however, could be observed with email-borne malware: levels of emails carrying known malware were 157% higher in March than in December. For virus outbreaks, the increase was a stunning 290%.

The biggest part of this growth occurred in March. Compared to February, spam levels increased by 41%, known malware by 75%, and virus outbreaks by 124%. Only phishing volumes broke the trend, as they only increased by eight percent in March. The current increase is unusual in that historically spam and malware levels rarely correspond. In the past, when one category increased, the other often decreased or at least stagnated. The significance of the first quarter growth is underlined by comparisons with the respective volumes in March 2012: In March 2013, spam levels were 48% higher than the previous year, malware emails were 255% higher, and malware outbreaks were 251% higher. Only phishing levels decreased since March 2012.

Other report highlights:

- Pump and dump spam, also known as penny stock spam, one of the most popular topics among spammers between 2006 and 2008, made a forceful comeback in Q1 after having all but disappeared in previous years. In March 2013, pump and dump spam dominated the list of spam topics. Eighteen percent of the top 25 spam emails (with a combined volume of 46% of all spam) were pump and dump mailings. The trick was the same as in previous years. The emails advertise cheap shares with very small trading volumes, indicating there was significant earning potential in them. If only a few recipients can be fooled into buying the stock, the value will rise significantly and the spammers who have bought shares at the lower price can cash in.

- In Web security, the first quarter of 2013 saw extensive usage of the Blackhole exploit kit. The kit is installed on target Web sites, allowing the installation of drive-by malware. The JavaScript on the page scans the visiting system to determine the versions of popular software. Once the kit has determined that there is a vulnerability, the relevant exploit is loaded, allowing the controller to gain a foothold on the infected system. The Blackhole controller can then deliver further malicious content.

- Current news events were extensively used to lure email users to Web sites infected with malware. Fake email news alerts allegedly coming from CNN or the BBC exploited breaking news stories, such as the election of the new pope and the financial crisis in Cyprus. They linked to Web sites carrying the Blackhole exploit kit.

- The United States was the largest source of spam in the first quarter of 2013, topping the list of spam senders with a share of 9.1 percent of the overall volume. The United States was followed by Belarus (6.5%), Spain (5.6%), Argentina (5.0%) and India (4.3%).

"The dramatic rise in the quantity of unwanted and dangerous emails during the first quarter of 2013 shows that email communication is still one of the key attack vectors," said Avi Turiel, director of threat research and market analysis at Commtouch. "Email is still the most popular communication tool for private users and businesses alike, making it an attractive target for cybercriminals. The rise in both emails with malware attachments and drive-by-attacks also indicates that malware distributors don't shift their focus from one attack vector to another. To the contrary, they diversify their attack methods in order to increase the efficiency of their campaigns and in order to bypass some anti-spam and antivirus measures."

The Commtouch Internet Threat Analysis Team regularly publishes related statistics within its report. The quarterly report is compiled based on a comprehensive analysis of billions of daily transactions handled by Commtouch's GlobalView(TM) Cloud [http://www.commtouch.com/cloud].

To view the Commtouch Q1 Internet Threats Trend Report, visit: http://www.commtouch.com/threat-report-April-2013.

About Commtouch

Commtouch(R) (NASDAQ: CTCH) is a leading provider of Internet security technology and cloud-based services for vendors and service providers, increasing the value and profitability of our customers' solutions by protecting billions of Internet transactions on a daily basis. With 12 global data centers and award-winning, patented technology, Commtouch's email, Web, and antivirus capabilities easily integrate into our customers' products and solutions, keeping safe more than 350 million end users. To learn more, visit http://www.commtouch.com.
