Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/12/2011
03:07 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Email-Borne Malware Jumps 400% After Rustock Takedown, Says Commtouch Quarterly Report

The first three months of 2011 were witness to a range of varied attempts to distribute malware, according to quarterly Internet Threats Trend Report

Sunnyvale, Calif. – April 12, 2011 – Malware sent via email increased by 400% in the last week of March 2011, Commtouch' (Nasdaq: CTCH) reported today in its quarterly Internet Threats Trend Report, which covers spam, phishing, malware and Web threats. The significant increase was detected two weeks after the takedown of the Rustock botnet had resulted in a 30% drop in spam levels.

While overall spam activity dropped around the New Year, it rose significantly after the holiday period. From January to mid-March, spam averaged 168 billion emails per day until Rustock was eliminated, dropping spam to an average of nearly 119 billion messages daily. Zombie activity also dropped significantly after Rustock was taken down, but large increases of enslaved computers became evident following the malware outbreak at the end of the quarter.

“Botnets are an essential part of cybercriminal infrastructure, providing vast computing resources, bandwidth and anonymity,” said Asaf Greiner, Commtouch vice president of products. “Botnet takedowns will almost always result in significant attempts at rebuilding, to allow criminal operations to continue.”

The first three months of 2011 were witness to a range of varied attempts to distribute malware:

* Mass mailings of “parcel tracking information” purporting to come from UPS and DHL accounted for 30% of all emails sent during the peak of the outbreak * Facebook chat messages from compromised user accounts led to phony Facebook applications and ultimately virus files * PDF files with embedded script malware mimicked Xerox scanned documents * The “Kama Sutra” virus tempted recipients with an explicit PowerPoint presentation * T-Online’s personal homepage feature was abused to redirect visitors to fake antivirus downloads

Additional highlights from the April 2011 Trend Report include:

* Spam levels averaged 149 billion spam/phishing messages per day during Q1, compared to the 142 billion spam/phishing messages per day in Q4 2010 and 198 billion in Q3 2010. * Approximately 258,000 zombies were activated daily during Q1, a decrease compared to the 288,000 zombies in Q4 2010 and 339,000 during Q3 2010. * The most popular spam topic in Q1 was again pharmacy ads representing 28% of all spam, down from 42% in Q4 2010. * India keeps its title for the third quarter in a row as the country with the most zombies – 17% of all zombies worldwide. * Parked domains were the website category most likely to contain malware. * Streaming media/downloads continues to be the most popular topic for blog creators in the Web 2.0 sphere of user-generated content, with 21% of the generated content.

The report also describes attempts by spammers and phishers to save money by hiding their online presence in disused forums or making use of online form-filling services to ease the collection of phished user data.

Commtouch’s quarterly trend report reflects the results of its analysis of billions of Internet transactions daily within the company’s cloud-based GlobalView™ Network.

Commtouch Recurrent Pattern Detection™, GlobalView technologies and multi-layered Command Antivirus' identify and block Internet security threats. More details, including samples and statistics, are available in the Commtouch April 2011 Internet Threats Trend Report, available at: http://www.commtouch.com/threat-report.

A brief SlideShare presentation summarizing the report is available at http://www.commtouch.com/threat-presentation.

NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering.

About Commtouch Commtouch' (NASDAQ: CTCH) provides proven Internet security technology to more than 150 security companies and service providers for integration into their solutions. Commtouch’s GlobalView™ and patented Recurrent Pattern Detection™ (RPD™) technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch’s Command Antivirus utilizes a multi-layered approach to provide award winning malware detection and industry-leading performance. Commtouch technology automatically analyzes billions of Internet transactions in real-time in its global data centers to identify new threats as they are initiated, enabling our partners and customers to protect end-users from spam and malware, and enabling safe, compliant browsing. The company’s expertise in building efficient, massive-scale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary with offices in Sunnyvale, California and Palm Beach Gardens, Florida.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.