Phishing, Spam Containing Malware Increase

Last month saw a surge in malware-containing spam, according to a new study by Symantec. Interestingly, while Symantec said that malware-containing spam never comprised more than 3% of all spam on any given day in 2010, all of that changed in June. "Malware spam made up almost 12% of all spam on June 13th, and topped 5% on June 3rd and 15th," according to the report.

What's behind the increase? According to Symantec, spammers appear to be "trying to make up for the loss of several zombie networks, due to legal actions." In other words, they're pumping out spam with malware in an attempt to build their botnets back up to full strength, adding as many compromised -- aka zombie -- PCs as they can.

Spam-containing malware isn't the only attack that's lately been on the increase. Indeed, from May to June 2010, the incidence of phishing attacks increased by 25%. In part, this was due to the prevalence of attackers using automated toolkits for creating their phishing attacks; the use of such toolkits more than doubled in that timeframe. The number of free webhosting services being used in such attacks also increased by 26% from May to June, to comprise 11% of all phishing attacks.

As always, the primary motive behind phishing attacks appears to be monetary, with 85% of all phishing attacks targeting financial institutions, versus 14% targeting information services companies, and less than 1%, government agencies.

On a positive note, however, the amount of spam in the wild has recently declined. While spam comprised 88.3% of all email messages in June, that was down from 89.8% in May.

In recent months, attackers have also been creating more phishing websites that spoof Google's social networking site Orkut, especially in Brazilian Portuguese, since Orkut's biggest traction is in Brazil, said Symantec. These spoof sites have even been going so far as to mimic Google's changing imagery, often based on popular holidays, such as Earth Day and Mother's Day. This attention to detail may result from the need to trick the maximum number of people during the short window that a phishing site remains active -- just 54 hours, according to Symantec -- before it gets shut down.