
Risk

4/12/2011
03:07 PM
Dark Reading
Products and Releases

Email-Borne Malware Jumps 400% After Rustock Takedown, Says Commtouch Quarterly Report

The first three months of 2011 saw a wide variety of attempts to distribute malware, according to Commtouch's quarterly Internet Threats Trend Report.

Sunnyvale, Calif. – April 12, 2011 – Malware sent via email increased by 400% in the last week of March 2011, Commtouch (Nasdaq: CTCH) reported today in its quarterly Internet Threats Trend Report, which covers spam, phishing, malware and Web threats. The significant increase was detected two weeks after the takedown of the Rustock botnet, which had resulted in a 30% drop in spam levels.

While overall spam activity dropped around the New Year, it rose significantly after the holiday period. From January to mid-March, spam averaged 168 billion emails per day; once Rustock was eliminated, spam dropped to an average of nearly 119 billion messages daily. Zombie activity also dropped significantly after Rustock was taken down, but large increases in the number of enslaved computers became evident following the malware outbreak at the end of the quarter.

“Botnets are an essential part of cybercriminal infrastructure, providing vast computing resources, bandwidth and anonymity,” said Asaf Greiner, Commtouch vice president of products. “Botnet takedowns will almost always result in significant attempts at rebuilding, to allow criminal operations to continue.”

The first three months of 2011 were witness to a range of varied attempts to distribute malware:

* Mass mailings of “parcel tracking information” purporting to come from UPS and DHL accounted for 30% of all emails sent during the peak of the outbreak
* Facebook chat messages from compromised user accounts led to phony Facebook applications and ultimately virus files
* PDF files with embedded script malware mimicked Xerox scanned documents
* The “Kama Sutra” virus tempted recipients with an explicit PowerPoint presentation
* T-Online’s personal homepage feature was abused to redirect visitors to fake antivirus downloads

Additional highlights from the April 2011 Trend Report include:

* Spam levels averaged 149 billion spam/phishing messages per day during Q1, compared to 142 billion spam/phishing messages per day in Q4 2010 and 198 billion in Q3 2010.
* Approximately 258,000 zombies were activated daily during Q1, a decrease compared to the 288,000 zombies in Q4 2010 and 339,000 during Q3 2010.
* The most popular spam topic in Q1 was again pharmacy ads, representing 28% of all spam, down from 42% in Q4 2010.
* India keeps its title for the third quarter in a row as the country with the most zombies – 17% of all zombies worldwide.
* Parked domains were the website category most likely to contain malware.
* Streaming media/downloads continues to be the most popular topic for blog creators in the Web 2.0 sphere of user-generated content, with 21% of the generated content.

The report also describes attempts by spammers and phishers to save money by hiding their online presence in disused forums or making use of online form-filling services to ease the collection of phished user data.

Commtouch’s quarterly trend report reflects the results of its analysis of billions of Internet transactions daily within the company’s cloud-based GlobalView™ Network.

Commtouch Recurrent Pattern Detection™, GlobalView technologies and multi-layered Command Antivirus identify and block Internet security threats. More details, including samples and statistics, are available in the Commtouch April 2011 Internet Threats Trend Report, available at: http://www.commtouch.com/threat-report.

A brief SlideShare presentation summarizing the report is available at http://www.commtouch.com/threat-presentation.

NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering.

About Commtouch

Commtouch (NASDAQ: CTCH) provides proven Internet security technology to more than 150 security companies and service providers for integration into their solutions. Commtouch’s GlobalView™ and patented Recurrent Pattern Detection™ (RPD™) technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch’s Command Antivirus utilizes a multi-layered approach to provide award-winning malware detection and industry-leading performance. Commtouch technology automatically analyzes billions of Internet transactions in real time in its global data centers to identify new threats as they are initiated, enabling our partners and customers to protect end users from spam and malware, and enabling safe, compliant browsing. The company’s expertise in building efficient, massive-scale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary with offices in Sunnyvale, California and Palm Beach Gardens, Florida.
