12:15 PM
Dark Reading
Products and Releases

Symantec Releases January 2009 MessageLabs Intelligence Report

New botnets boost spam growth to 80% to 90% of pre-McColo spam levels

CUPERTINO, Calif. - January 26, 2009 - Symantec Corp. (Nasdaq: SYMC) today announced the launch of its January 2009 MessageLabs Intelligence Report. Analysis highlights an increase in spam levels of 4.9 percent since December 2008 to 74.6 percent, reaching levels close to those experienced before Internet Service Provider McColo was taken down in November 2008. Among the top ten botnets responsible for distributing spam, Mega-D (Ozdoc) had the highest throughput in January, sending more than 26 million spam emails per minute whilst Cutwail (Pandex) remains the largest botnet with more than one million active IPs this month. Some of the top ten most active botnets contributing to the spam increase are new to the threat landscape, including Xarvester, Donbot and Waledac.

"The potential of these botnets to spam in large volumes is a major concern," said Paul Wood, MessageLabs Intelligence Analyst, Symantec. "In particular, Waledac is believed to be the next generation of the infamous botnet Storm (Peacomm). Whilst Waledac malware was spread at an alarming rate in January, it was dispersing spam in relatively small volumes. For now, the botnet controllers are clearly focusing on growing and developing this new botnet resource rather than using it to spam. It will be one to watch as 2009 progresses."

With the increase in spam came a resurgence of stock spam. Since the indictment of notorious stock spammer Alan Ralsky in January 2008, stock spamming has been relatively scarce. But with the help of CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart)-breaking tools aimed at major email providers and the shaky economic climate, MessageLabs Intelligence research identified many examples of spam messages sent from legitimate-looking email addresses touting penny stocks, an opportunity to hook consumers who may be finding it difficult to obtain credit by traditional means with the promise of big returns for little investment.

Other new topics used by spammers this month included the US Presidential Inauguration. Separately, the unrest in the Middle East was used to draw attention to messages that appeared to further the aims of terrorist organizations.

"Just one month into 2009 and the threat landscape already appears to be in full swing," Wood said. "Toward the end of 2008, the MessageLabs Intelligence team predicted a botnet renaissance in which the cybercriminals would improve the technology behind their botnets, creating a new vanguard. Based on the increase in power, numbers and new bots, the cybercriminals seem to be living up to the prediction."

Other report highlights:

Web security: Analysis of Web security activity shows that 11.5 percent of all web-based malware intercepted was new in January. MessageLabs Intelligence also identified an average of 1,208 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 6.2 percent since December 2008.

Spam: In January 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 74.6 percent (1 in 1.92 emails), an increase of 4.9 percent since December 2008.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 257.3 emails (0.39 percent), a decrease of 0.12 percent since December 2008. In January, 11.8 percent of email-borne malware contained links to malicious sites, an increase of 9.1 percent since December 2008.

Phishing: January saw a decrease of 0.14 percent in the proportion of phishing attacks compared with December 2008. One in 396.2 (0.25 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 11.2 percent to 64.9 percent of all email-borne malware threats intercepted in January.

Geographical Trends:
* Although spam levels in France fell by 0.3 percent in January, France topped the list as the most spammed country with levels reaching 83.8 percent of all email.
* Spam levels in the UK reached 77.2 percent in January and 75.1 percent in Canada. Germany's spam rate reached 77.9 percent and spam rose to 78.2 percent in the Netherlands. Spam levels in Australia were 73.5 percent, 73.0 percent in China and 70.7 percent in Japan.
* Virus activity in the UK fell by 0.26 percent to 1 in 165.6 emails, where it takes the top position for viruses.
* Virus levels for the US were 1 in 455.7, 1 in 324.4 for Canada and 1 in 337.9 for Australia. Virus levels for Germany were 1 in 189.6 and in Japan they reached 1 in 500.6.

Vertical Trends:
* With an increase of 0.5 percent, the Marketing & Media sector was the most spammed industry in January, with a spam rate of 77.8 percent.
* Chemical and Pharmaceutical sector spam levels reached 75.8 percent, 77.7 percent for Retail, 75.1 percent for Public Sector and 74.2 percent for Finance.
* Although virus activity decreased by 0.57 percent in the Education sector, it held the highest virus levels with 1 in 98.8 emails being infected.
* Virus levels for the IT Services sector were 1 in 276.3, 1 in 306.7 for Retail and 1 in 245.5 for Finance.

The January 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx.

Symantec's MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
