Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Rustock Most Prolific Botnet

Phishing attacks are down from 2009, but spam, viruses, and malicious web sites are on the rise, reports Symantec.

How Firesheep Can Hijack Web Sessions
(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions
Spam is on the rise. From 2009 to 2010, spam moved from comprising 88% of all email to 89.1%. In the same timeframe, the number of malicious Web sites discovered per day increased by 24% and virus-borne emails increased by 58%, while -- thankfully -- the number of emails containing phishing attacks actually dropped by 27%.

Those results come from a new MessageLabs Intelligence report released by Symantec Hosted Services on Tuesday.

The report also found that the world's most prolific botnet is now Rustock, which pumps out 44 billion spam emails per day. To keep the spam flowing, operators of the leading botnets -- Rustock, Cutwail, and Grum -- continue to innovate.

"With successful and resilient botnet operations established in prior years... cybercriminals experimented with many tactics to keep spam campaigns active and fresh this year," said Paul Wood, MessageLabs Intelligence senior analyst at Symantec Hosted Services. "From leveraging newsworthy events like the FIFA World Cup to taking advantage of the widespread popularity of URL shortening services and social networks... spammers deployed a variety of tricks to bypass spam filters and lure potential victims."

Botnet operators are also getting more practiced at sneaking their malware past security scanners. MessageLabs said it saw 339,600 different strains of malware sent via email in 2010 -- an increase of a hundred-fold from 2009. The sharp rise is due to the emergence of polymorphic malware variants such as Bredolab. Bredolab's polymorphic engine, for example, alters the code it generates when propagating copies of itself, disguising itself to avoid detection by security software.

More than other malware, MessageLabs said that Bredolab has been pushing the state of the art to evade detection through techniques such as including junk code, disabling antivirus, and immobilizing itself when added to a debugging environment for testing to foil researchers.

While high-volume, botnet-distributed attacks are on the rise, so are very small, discrete, and targeted attacks. MessageLabs said that in 2005, it saw perhaps one or two targeted attacks per week. But by the end of 2010, it saw an average of 77 attacks per day.

"Typically, between 200 and 300 organizations are targeted each month, but the industry sector varies and high-seniority job roles are most frequently targeted -- yet often by way of a general or assistant's mailbox," said Wood. "While five years ago, large and well-known organizations were often targeted, today the scope of targeted organizations has expanded and now no organization is safe from attack."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17667
PUBLISHED: 2019-10-17
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.
CVE-2019-17666
PUBLISHED: 2019-10-17
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-17607
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17608
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17609
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.