
Botnets prove resilient another year on; Email-borne malware increases one hundred fold, according to Symantec

Symantec Corp. (Nasdaq: SYMC) has launched its MessageLabs Intelligence 2010 Security Report. The annual report details how cyber criminals have diversified their attack tactics to sustain spam and malware at high levels throughout 2010. The report highlights fluctuating spam levels throughout the year driven by changes in botnet activity. Spam rates peaked in August 2010 at 92.2 percent when the Rustock botnet was being aggressively seeded by new malware variants and quickly put to use, contributing to an overall increase in spam activity for the year, with average spam levels reaching 89.1 percent, an increase of 1.4 percent compared with 2009.

For most of 2010, spam from botnets accounted for 88.2 percent of all spam. The end of 2010 saw a reduction in the contribution of botnets to spam, to 77 percent of spam, resulting from the closure of the spam affiliate Spamit in early October 2010. By the end of 2010, the total number of active bots had returned to roughly the same number as at the end of 2009, increasing by approximately 6 percent in the latter half of 2010. The total number of botnets worldwide is between 3.5 and 5.4 million.

It is predicted that in 2011 botnet controllers will resort to employing steganography techniques to control their computers. This means hiding their commands in plain view, perhaps within images or music files distributed through file sharing or social networking web sites. This approach will allow criminals to surreptitiously issue instructions to their botnets without relying on an ISP to host their infrastructure, thus minimizing the chances of discovery.

Although 2010 has experienced fluctuation in the number of botnets and their associated output, the top three botnets have not changed in the latter half of 2010. Rustock remains the most dominant botnet, with its spam output more than doubled since last year to more than 44 billion spam emails per day and more than one million bots under its control, while Grum and Cutwail are the second and third largest, respectively. Cutwail and Grum have also been responsible for an increase in the volume of malware being sent in spam from botnets.

“With successful and resilient botnet operations established in prior years, the cyber criminals experimented with many tactics to keep spam campaigns active and fresh this year,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services. “From leveraging newsworthy events like the FIFA World Cup to taking advantage of the widespread popularity of URL shortening services and social networks, the spammers deployed a variety of tricks to bypass spam filters and lure potential victims.”

One noteworthy security threat this year was the ‘Here You Have’ virus which on September 9, 2010 used old mass-mailer techniques to send malicious emails, peaking at 2,000 emails blocked per minute. In total, MessageLabs AntiVirus service blocked more than 100,000 copies of the virus before it reached any client networks. The heuristic rule that triggered the detection of the virus was added in May 2008, more than two years earlier. The same rule was again instrumental in stopping a run of attacks spoofing the US Internal Revenue Service in early November.

In 2010, there were more than 339,600 different malware strains identified in malicious emails blocked, representing over a hundred-fold increase since 2009. This massive increase is largely due to the growth in polymorphic malware variants, typically generated from toolkits that allow a new version of the code to be generated quickly and easily. An example of this includes the Bredolab family of Trojans, a general-purpose botnet commonly distributed via the Cutwail botnet, which accounted for approximately 7.4 percent of all email-borne malware in 2010. Bredolab represents an approach from attackers referred to as “pay per install” (PPI). Although flexible in nature, the malware is designed to seize control of the victim’s computer so that the computer can be used by the Bredolab operators or rented or sold to another attacker. Bredolab is an example of malware contained in a compressed archive and over time has evolved from a simple piece of encrypted malware packed with polymorphic code to a protected version with an updated polymorphic engine designed to behave the same yet evade detection as Bredolab. The final version is an aggressive polymorphic packer released at the end of 2010 which was mass-mailed with hundreds of variants of it to maximize infection.

While Bredolab was being sent en masse, targeted attacks, characterized by their low-volume distribution, have also been on the rise. When targeted attacks, or advanced persistent attacks, first emerged five years ago, MessageLabs Intelligence tracked one to two per week and over the course of the following year, this number rose to between one and two attacks per day. Subsequently, targeted attacks increased from ten per day to approximately 60 per day in 2010 and by the end of the year, MessageLabs Intelligence blocked 77 targeted attacks each day.

“With the rise of targeted attacks come variations in the execution and attack complexity,” Wood said. “Typically, between 200 and 300 organizations are targeted each month but the industry sector varies and high seniority job roles are most frequently targeted yet often by way of a general or assistant’s mailbox. While five years ago large and well-known organizations were often targeted, today the scope of targeted organizations has expanded and now no organization is safe from attack.”

Finally, MessageLabs Intelligence examined the web browsing habits of an increasingly distributed workforce comprised of workers who are on the road or work from home compared to those of office-based workers. The findings revealed that mobile users behave similarly to office-based users and therefore pose little additional threat to an organization whereas workers who have mixed locations, those that work both in and out of the office, appear to relax their browsing habits considerably when out of the office, posing considerably higher risk to the organization. Based on the findings, organizations must determine to what extent they will manage employee online behavior with web policy controls. Recognizing a need for more flexible web access, businesses in 2010 are opting for a more granular approach to control with an increased use of “allow-lists” replacing the blanket “block list” approach from previous years. The number of allow policies has grown at an average rate of 0.8 percent per month in 2010, compared with 0.6 percent per month in 2009.

Top Trends in 2010

  • Web Security: For 2010, the average number of new malicious websites blocked each day rose to 3,066 compared to 2,465 for 2009, an increase of 24.3 percent. MessageLabs Intelligence identified malicious web threats on 42,926 distinct domains, the majority of which were compromised legitimate domains.

  • Spam: In 2010 the annual average global spam rate was 89.1 percent, an increase of 1.4 percent on 2009. In August, the global spam rate peaked at 92.2 percent when the proportion of spam sent from botnets rose to 95 percent as a new variant of the Rustock botnet was seeded and quickly put to use.

  • Viruses: In 2010, the average rate for malware contained in email traffic was 1 in 284.2 emails (0.352 percent), almost unchanged when compared with 1 in 286.4 (0.349 percent) for 2009. In 2010, over 115.6 million emails were blocked by Skeptic™, representing an increase of 58.1 percent compared with 2009. There were 339,673 different malware strains identified in the malicious emails blocked. This represents more than a hundred-fold increase over 2009 and is due to growth in polymorphic malware variants.

  • Phishing: In 2010, the average ratio of email traffic blocked as phishing attacks was 1 in 444.5 (0.23 percent), compared with 1 in 325.2 (0.31 percent) in 2009. Approximately 95.1 billion phishing emails were projected to be in circulation in 2010.

The annual MessageLabs Intelligence Report provides greater detail on all the trends and figures noted above, as well as more detailed trends for 2010. The full report is available at: http://www.messagelabs.com/intellig....

 [December 9, 2010]

