Dark Reading
Products and Releases

Report: Mal-Bredo A Virus Spreads Via Social Media

Spammers taking advantage of the reputations of global brands to prompt opening of email

Sunnyvale, Calif. - January 12, 2009 - Commtouch® (Nasdaq: CTCH) today released its Internet Threats Trend Report for Q4 2009. Spammers continue to be cutting-edge marketers, this time taking advantage of the reputations of global brands, such as UPS, DHL and Facebook, to prompt opening of emails.

During this past quarter, cybercriminals focused on distributing the Mal-Bredo A virus. While the number of variants decreased from 10,000 to 1,000 as compared to last quarter, it was spread with much more virulence.

Commtouch's quarterly trend report is based on the analysis of more than two billion email messages and Internet transactions seen daily within the company's cloud-based global detection centers.

Other highlights from the Q4 Trend Report include:

* An average of 312,000 zombies were newly activated daily for the purpose of malicious activity.

* Spam levels averaged 77% of all email traffic throughout the quarter, peaking at 98% in November and bottoming out at 68% at the end of December.

* Sites in the "Computers & Technology" and "Search Engines & Portals" categories topped the list of Web categories manipulated by phishing schemes.

* "Business" continued to be the Web site category most infected with malware for the third quarter in a row.

* Pharmacy spam remained in the top spot with 81% of all spam messages; last quarter, it led with 68%. Replicas remained in the #2 spot, falling from 19% to 5.4%.

* Brazil continues to produce the most zombies, responsible for 20.4% of global zombie activity.

Blended threats, including fake Swine Flu alerts and Halloween tricks, continued to circulate, while spammers introduced a few new ploys including MP3 spam and personal enhancement spam targeting women.

"As we review the Internet threats for this quarter, we can really see the creativity the cybercriminals use to ensure their messages are opened," said Asaf Greiner, Commtouch vice president, products. "Whether we like it or not, their activities really demonstrate when society-wide activities - such as social media participation - reach critical mass. Essentially, if a spammer is using a specific brand to entice consumers to open their mail, it means that brand has achieved a strong, positive reputation."

Commtouch Recurrent Pattern Detection and GlobalView technologies identify and block messaging and Web security threats, including increasingly malicious malware and phishing outbreaks. More details, including samples and statistics, are available in the Commtouch Q4 2009 Internet Threats Trend Report, available from Commtouch Labs at http://www.commtouch.com/download/1629.

NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering at the ISP level.

About Commtouch

Commtouch® (NASDAQ: CTCH) provides proven messaging and Web security technology to more than 100 security companies and service providers for integration into their solutions. Commtouch's patented Recurrent Pattern Detection (RPD) and GlobalView technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch technology automatically analyzes billions of Internet transactions in real-time in its global data centers to identify new threats as they are initiated, protecting email infrastructures and enabling safe, compliant browsing. The company's expertise in building efficient, massive-scale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary in Sunnyvale, Calif.

Stay abreast of the latest messaging and Web threat trends all quarter long at the Commtouch Café: http://blog.commtouch.com. For more information about enhancing security offerings with Commtouch technology, see http://www.commtouch.com or write [email protected]

Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch.

Commtouch Contact:

Amy Kenigsberg

US: 913-440-4072 (+7 ET)

Int'l: +972-9-794-1681 (+2 GMT)

[email protected]
