Risk

4/12/2011
03:07 PM
Dark Reading
Products and Releases

Email-Borne Malware Jumps 400% After Rustock Takedown, Says Commtouch Quarterly Report

The first three months of 2011 were witness to a range of varied attempts to distribute malware, according to the quarterly Internet Threats Trend Report

Sunnyvale, Calif. – April 12, 2011 – Malware sent via email increased by 400% in the last week of March 2011, Commtouch® (Nasdaq: CTCH) reported today in its quarterly Internet Threats Trend Report, which covers spam, phishing, malware and Web threats. The significant increase was detected two weeks after the takedown of the Rustock botnet had resulted in a 30% drop in spam levels.

While overall spam activity dropped around the New Year, it rose significantly after the holiday period. From January to mid-March, spam averaged 168 billion emails per day; once Rustock was eliminated, it dropped to an average of nearly 119 billion messages daily. Zombie activity also dropped significantly after Rustock was taken down, but large increases in enslaved computers became evident following the malware outbreak at the end of the quarter.

“Botnets are an essential part of cybercriminal infrastructure, providing vast computing resources, bandwidth and anonymity,” said Asaf Greiner, Commtouch vice president of products. “Botnet takedowns will almost always result in significant attempts at rebuilding, to allow criminal operations to continue.”

The first three months of 2011 were witness to a range of varied attempts to distribute malware:

* Mass mailings of “parcel tracking information” purporting to come from UPS and DHL accounted for 30% of all emails sent during the peak of the outbreak
* Facebook chat messages from compromised user accounts led to phony Facebook applications and ultimately virus files
* PDF files with embedded script malware mimicked Xerox scanned documents
* The “Kama Sutra” virus tempted recipients with an explicit PowerPoint presentation
* T-Online’s personal homepage feature was abused to redirect visitors to fake antivirus downloads

Additional highlights from the April 2011 Trend Report include:

* Spam levels averaged 149 billion spam/phishing messages per day during Q1, compared to the 142 billion spam/phishing messages per day in Q4 2010 and 198 billion in Q3 2010.
* Approximately 258,000 zombies were activated daily during Q1, a decrease compared to the 288,000 zombies in Q4 2010 and 339,000 during Q3 2010.
* The most popular spam topic in Q1 was again pharmacy ads representing 28% of all spam, down from 42% in Q4 2010.
* India keeps its title for the third quarter in a row as the country with the most zombies – 17% of all zombies worldwide.
* Parked domains were the website category most likely to contain malware.
* Streaming media/downloads continues to be the most popular topic for blog creators in the Web 2.0 sphere of user-generated content, with 21% of the generated content.

The report also describes attempts by spammers and phishers to save money by hiding their online presence in disused forums or making use of online form-filling services to ease the collection of phished user data.

Commtouch’s quarterly trend report reflects the results of its analysis of billions of Internet transactions daily within the company’s cloud-based GlobalView™ Network.

Commtouch Recurrent Pattern Detection™, GlobalView technologies and multi-layered Command Antivirus® identify and block Internet security threats. More details, including samples and statistics, are available in the Commtouch April 2011 Internet Threats Trend Report, available at: http://www.commtouch.com/threat-report.

A brief SlideShare presentation summarizing the report is available at http://www.commtouch.com/threat-presentation.

NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering.

About Commtouch

Commtouch® (NASDAQ: CTCH) provides proven Internet security technology to more than 150 security companies and service providers for integration into their solutions. Commtouch’s GlobalView™ and patented Recurrent Pattern Detection™ (RPD™) technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch’s Command Antivirus utilizes a multi-layered approach to provide award-winning malware detection and industry-leading performance. Commtouch technology automatically analyzes billions of Internet transactions in real-time in its global data centers to identify new threats as they are initiated, enabling our partners and customers to protect end-users from spam and malware, and enabling safe, compliant browsing. The company’s expertise in building efficient, massive-scale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary with offices in Sunnyvale, California and Palm Beach Gardens, Florida.
