|
Symantec Announces August 2009 MessageLabs Intelligence Report
Corporate/Events |
Just Announced
Thu 27 Aug 2009
Symantec Announces August 2009 MessageLabs Intelligence Report
Cutwail Botnet Damaged By ISP Shutdown Whilst Donbot Offers Medical Assistance to Billions
MessageLabs, part of Symantec Corp, today announced the publication of its August 2009 MessageLabs Intelligence Report. Analysis highlights how activity levels for Cutwail, one of the largest botnets globally, fell by as much as 90 percent following the shutdown of an ISP in Latvia. Also in August, another prolific botnet called Donbot continued to use shortened URLs in its spam runs, peaking at distributing ten billion emails in just one day.
The Latvian ISP Real Host was disconnected on 1 August after it was alleged to be linked to command-and-control servers for infected botnet computers, particularly the Cutwail botnet which is responsible for approximately 15 to 20 percent of all spam today. Following the disconnection, global spam volumes immediately fell by as much as 38 percent in the subsequent 48-hour period.
“Cutwail’s activity levels fell by as much as 90 percent following the disconnection of Real Host, but in a matter of days it was back to its former self, demonstrating just how powerful the Cutwail botnet really is in recovering and reinventing itself. ISPs have been blamed for helping botnet activity in the past, and taking these services down when unusual behavior is monitored is an important part of the battle against cybercrime,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec.
Despite this brief variation in spam levels, the overall figures for August remain fairly steady at 88.5 percent, due to the activity levels of other major botnets such as Rustock, Mega-D and Donbot. Taking advantage of the heightened interest in health related issues due to the current swine flu pandemic, Donbot recently distributed its largest shortened-URL spam run to date, distributing an estimated 10 billion pharmaceutical-focused spam messages in one day. Subjects include ‘Health care – get meds now’, ‘Save 89% on Meds’, ‘Purchase Meds Online’. The ongoing use of shortened-URLs as a delivery mechanism has resulted in a number of URL-shortening services being forced to close their businesses due to their inability to handle the malicious use of their tools.
In addition, MessageLabs Intelligence analysis highlights how cybercriminals are three times as likely to favor repurposing malware across numerous domains rather than developing new tactics. In August, of 3,510 websites being blocked daily, 36.1 percent of domains were new. Similar analysis of malware being blocked each day highlights that only 11.9 percent was newly developed malware.
Other report highlights:
Spam: In August 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 88.5 percent (1 in 1.13 emails), reflecting a 0.9 percent decrease since July.
Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 296.6 emails (0.34 percent), almost unchanged since July. In August, 14.8 percent of email-borne malware contained links to malicious websites, a decrease of 0.4 percent since July.
Phishing: One in 341.2 emails (0.29 percent) comprised some form of phishing attack, a decrease of 0.01 percent since July. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 6.0 percent to 86.9 percent of all email-borne malware threats intercepted in August.
Web security: Analysis of web security activity shows that 45.4 percent of all web-based malware intercepted was new in August, an increase of 44.7 percent since July. MessageLabs Intelligence also identified an average of 3,510 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 0.01 percent since July.
Geographical Trends:
- Hong Kong was the most spammed country in August although levels fell by 0.8 percent to 93.4 percent.
- Spam levels in the US and Canada rose to 89.5 percent and 88.7 percent respectively. The majority of other countries saw a decline in August with levels in the UK falling to 91.6 percent, Germany to 90.4 percent, France to 90.7 percent, and The Netherlands to 86.3 percent.
- Levels in Australia and Japan declined to 90.6 percent and 89.2 percent respectively.
- Although virus activity in China declined to 1 in 196.9 emails, it was placed at the top of the virus table for August. Singapore and Switzerland maintained their position in the top 5 countries with virus levels of 1 in 196.9 and 1 in 214.0 emails respectively. The UK, with levels of 1 in 219.3 and UAE with levels of 1 in 228.66 emails completed the top 5 virus affected countries for August.
- Virus activity increased in Germany and The Netherlands with levels of 1 in 275.5 emails and 1 in 612.18 emails respectively. In the US levels decreased slightly to 1 in 387.1 and increased in Canada with levels reaching 1 in 309.9. July’s most affected country, Australia, became the twelfth most affected country in August with virus levels of 1 in 308.3 emails. In Hong Kong virus activity was 1 in 297.7 emails and in Japan it increased to 1 in 400.76 emails.
Vertical Trends:
- In August, the most spammed industry sector with a spam rate of 93.4 percent was the Engineering sector.
- Spam levels for the Education sector were 93.2 percent, 92.5 percent for the Automotive sector, 90.7 percent for Retail, 89.8 percent for Public Sector and 88.7 percent for Finance.
- Virus activity in the Education sector increased with 1 in 120.0 emails being infected in August, keeping it top of the virus table.
- Virus levels for the IT Services sector were 1 in 262.5, 1 in 490.3 for Retail, 1 in 171.9 for Public Sector and 1 in 288.4 for the Chemical and Pharmaceutical sector.
The August 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx.
|
|
Channels
TECH GUIDES
