Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12:15 PM
Dark Reading
Dark Reading
Products and Releases

Symantec Releases January 2009 MessageLabs Intelligence Report

New botnets boost spam growth to 80% to 90% of pre-McColo spam levels

CUPERTINO, Calif. - January 26, 2009- Symantec Corp. (Nasdaq: SYMC) today announced the launch of its January 2009 MessageLabs Intelligence Report. Analysis highlights an increase in spam levels of 4.9 percent since December 2008 to 74.6 percent, reaching levels close to those experienced before Internet Service Provider McColo was taken down in November 2008. Among the top ten botnets responsible for distributing spam, Mega-D (Ozdoc) had the highest throughput in January, sending more than 26 million spam emails per minute whilst Cutwail (Pandex) remains the largest botnet with more than one million active IPs this month. Some of the top ten most active botnets contributing to the spam increase are new to the threat landscape, including Xarvester, Donbot and Waledac.

"The potential of these botnets to spam in large volumes is a major concern," said Paul Wood, MessageLabs Intelligence Analyst, Symantec. "In particular, Waledac is believed to be the next generation of the infamous botnet Storm (Peacomm). Whilst Waledac malware was spread at an alarming rate in January, it was dispersing spam in relatively small volumes. For now, the botnet controllers are clearly focusing on growing and developing this new botnet resource rather than using it to spam. It will be one to watch as 2009 progresses."

With the increase in spam came a resurgence of stock spam. Since the indictment of notorious stock spammer Alan Ralsky in January 2008, stock spamming has been relatively scarce. But with the help of CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart)-breaking tools aimed at major email providers and the shaky economic climate, MessageLabs Intelligence research identified many examples of spam messages sent from legitimate-looking email addresses touting penny stocks, an opportunity to hook consumers who may be finding it difficult to obtain credit by traditional means with the promise of big returns for little investment.

Other new topics used by spammers this month included the US Presidential Inauguration and, separately, the unrest in the Middle East was used to draw attention to messages which appeared to be used to further the aims of terrorist organizations.

"Just one month into 2009 and the threat landscape already appears to be in full swing," Wood said. "Toward the end of 2008, the MessageLabs Intelligence team predicted a botnet renaissance in which the cybercriminals would improve the technology behind their botnets, creating a new vanguard. Based on the increase in power, numbers and new bots, the cybercriminals seem to be living up to the prediction."

Other report highlights:

Web security: Analysis of Web security activity shows that 11.5 percent of all web-based malware intercepted was new in January. MessageLabs Intelligence also identified an average of 1,208 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 6.2 percent since December 2008.

Spam: In January 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 74.6 percent (1 in 1.92 emails), an increase of 4.9 percent since December 2008.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 257.3 emails (.39 percent), a decrease of 0.12 percent since December 2008. In January, 11.8 percent of email-borne malware contained links to malicious sites, an increase of 9.1 percent since December 2008.

Phishing: January saw a decrease of 0.14 percent in the proportion of phishing attacks compared with December 2008. One in 396.2 (.25 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 11.2 percent to 64.9 percent of all email-borne malware threats intercepted in January.

Geographical Trends: * Although, spam levels in France fell by 0.3 percent in January, France topped the list as the most spammed country with levels reaching 83.8 percent of all email. * Spam levels in the UK reached 77.2 percent in January and 75.1 percent in Canada. Germany's spam rate reached 77.9 percent and spam rose to 78.2 percent in the Netherlands. Spam levels in Australia were 73.5 percent, 73.0 percent in China and 70.7 percent in Japan. * Virus activity in the UK fell by 0.26 percent to 1 in 165.6 emails, where it takes the top position for viruses. * Virus levels for the US were 1 in 455.7, 1 in 324.4 for Canada and 1 in 337.9 for Australia. Virus levels for Germany were 1 in 189.6 and in Japan they reached 1 in 500.6.

Vertical Trends: * With an increase of 0.5 percent, the Marketing & Media sector was the most spammed industry in January, with a spam rate of 77.8 percent. * Chemical and Pharmaceutical sector spam levels reached 75.8 percent, 77.7 percent for Retail, 75.1 percent for Public Sector and 74.2 percent for Finance. * Although virus activity decreased by 0.57 percent in the Education sector, it held the highest virus levels with 1 in 98.8 emails being infected. * Virus levels for the IT Services sector were 1 in 276.3, 1 in 306.7 for Retail and 1 in 245.5 for Finance.

The January 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx.

Symantec's MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-26
Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.
PUBLISHED: 2020-10-26
AntSword contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.
PUBLISHED: 2020-10-26
This affects all versions of package pathval.
PUBLISHED: 2020-10-26
An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.
PUBLISHED: 2020-10-23
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.