Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Rustock Most Prolific Botnet

Phishing attacks are down from 2009, but spam, viruses, and malicious web sites are on the rise, reports Symantec.

How Firesheep Can Hijack Web Sessions
(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions
Spam is on the rise. From 2009 to 2010, spam moved from comprising 88% of all email to 89.1%. In the same timeframe, the number of malicious Web sites discovered per day increased by 24% and virus-borne emails increased by 58%, while -- thankfully -- the number of emails containing phishing attacks actually dropped by 27%.

Those results come from a new MessageLabs Intelligence report released by Symantec Hosted Services on Tuesday.

The report also found that the world's most prolific botnet is now Rustock, which pumps out 44 billion spam emails per day. To keep the spam flowing, operators of the leading botnets -- Rustock, Cutwail, and Grum -- continue to innovate.

"With successful and resilient botnet operations established in prior years... cybercriminals experimented with many tactics to keep spam campaigns active and fresh this year," said Paul Wood, MessageLabs Intelligence senior analyst at Symantec Hosted Services. "From leveraging newsworthy events like the FIFA World Cup to taking advantage of the widespread popularity of URL shortening services and social networks... spammers deployed a variety of tricks to bypass spam filters and lure potential victims."

Botnet operators are also getting more practiced at sneaking their malware past security scanners. MessageLabs said it saw 339,600 different strains of malware sent via email in 2010 -- an increase of a hundred-fold from 2009. The sharp rise is due to the emergence of polymorphic malware variants such as Bredolab. Bredolab's polymorphic engine, for example, alters the code it generates when propagating copies of itself, disguising itself to avoid detection by security software.

More than other malware, MessageLabs said that Bredolab has been pushing the state of the art to evade detection through techniques such as including junk code, disabling antivirus, and immobilizing itself when added to a debugging environment for testing to foil researchers.

While high-volume, botnet-distributed attacks are on the rise, so are very small, discrete, and targeted attacks. MessageLabs said that in 2005, it saw perhaps one or two targeted attacks per week. But by the end of 2010, it saw an average of 77 attacks per day.

"Typically, between 200 and 300 organizations are targeted each month, but the industry sector varies and high-seniority job roles are most frequently targeted -- yet often by way of a general or assistant's mailbox," said Wood. "While five years ago, large and well-known organizations were often targeted, today the scope of targeted organizations has expanded and now no organization is safe from attack."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19645
PUBLISHED: 2019-12-09
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CVE-2019-19678
PUBLISHED: 2019-12-09
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue.
CVE-2019-19679
PUBLISHED: 2019-12-09
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue.
CVE-2019-19647
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.