MessageLabs, a principal supplier of integrated messaging and web security services to businesses worldwide, today announce the findings of its MessageLabs Intelligence Report for April 2007. In this report, MessageLabs presents a new level in the convergence between spam and viruses through intercepted cyber-criminal activity, whilst highlighting the boost in spam levels and the surfacing of new techniques which have led to decreased rates in traditional virus and phishing threats.
In what could be one of the most defining moments within the threat landscape, MessageLabs has intercepted emails that are both spam and contain a virus. While the cyber-criminals have long used email viruses to create botnets to send spam, this is the first time MessageLabs has seen viruses hidden within stock scam spam. Since April 14, MessageLabs has stopped thousands of these emails as part the latest phase in Storm Worm activity.
Late this month, the latest strains of Zhelatin also known as Storm Worm were being spammed out in stock pump-and-dump emails which also contained links to new malware being hosted on websites under the control of the attackers. Purporting to be a screensaver, the malware then drops the Zhelatin MeSpam engine onto the compromised computer. Until now, new versions of Zhelatin have been distributed via botnets to create larger botnets for the purposes of spamming.
“Why use two emails when just one will do? Now we are seeing the bad guys layer on the threats – as if it’s not enough to just scam someone and fill their inbox with junk email, why not also infect and take control of their computer at the same time?
These latest techniques are part of a new boldness being shown by certain criminal gangs we are tracking,” said Mark Sunner, Chief Security Analyst, MessageLabs. “These latest developments also serve to highlight that spam cannot be perceived as just a nuisance and it should be kept away from the desktop. Protection at the Internet level avoids any errors by end-users which could have detrimental impact on a business.”
Earlier this month MessageLabs announced the new data on the levels, victims and sources of targeted email attacks in March 2007. Last month MessageLabs intercepted 716 emails in 249 separate targeted attacks aimed at 216 different organizations. Of these, almost 200 were one-on-one targeted attacks where the tailored attack comprised a single email designed to infiltrate one organization. These numbers represent a significant increase when compared to the same period last year when attack rates reached one or two per day.
Other report highlights:
Spam: In April, the global ratio of spam in email traffic from new and unknown bad sources was 76.1 percent (1 in 13.1), an increase of 0.9 percent on the previous month. However, the figure is in real terms considerably higher, but MessageLabs is now able to filter out large volumes of known spam from sources such as known botnets. Without MessageLabs at the Internet level to filter out known spam, and make it more difficult for spammers to reach its clients, 83.6 percent of email traffic would have been identified as spam.
Viruses: In April, the global ratio of viruses in email traffic from new and previously unknown bad sources destined for valid recipents, was 1 in 145.5 (0.69 percent), a decrease of 0.003 percent since March. MessageLabs has found that large scale virus outbreaks have almost become a thing of the past, as attacks are becoming increasingly more targeted and with specific business motives.
Phishing: April shows a decrease of 0.08 percent in the proportion of phishing attacks compared with the previous month, with one in 416.1 emails containing a phishing attack. However, notably the number of attacks has fallen by 12 percent, to levels last seen in August 2006, and is now accounting for 35 percent of all malicious emails intercepted. MessageLabs expects phishing to continue to decrease in the coming months, due to the increased numbers of stringent measures being put into place by corporate organizations.
Geographical Trends:
- Spam attacks continued to target Israel, with 73.3 percent this month, however virus attacks are negligible
- In Germany, spam attacks increased significantly by 10.3 percent, taking second position in the global rankings, whilst virus rates dropped by 0.6 percent (1 in 61.5)
- India continues to lead the virus chart, with an increase of 2.2 percent (1 in 31.7), which is likely to be a result of the country’s lack of Anti-Virus protection and diverse IT infrastructure
- In contrast, Sweden takes the accolade for the least targeted country by viral writers, with a decrease of 0.76 percent (1 in 653.6)
Vertical Trends: - Once again, Education was the main industry targeted in April, with 1 in 60.4 emails heading for this vertical sector harboring a virus or some form of malware. This represents a 0.5 percent increase on the previous month, the largest shift for any vertical.
- The Telecommunications sector continues to be the least targeted vertical in April, and virus levels fell by 0.02 percent this month.
- An increase in spam activity was noted for the Wholesale sector with a rise of 0.9 percent; however, the greatest increase occurred in the Business Support Services sector where levels rose by 16.3 percent.
- Spam levels across Government and Public Sector bodies fell by 3.3 percent this month, and a fall of 1.8 percent was noted across the Finance sector also, making the vertical the least targeted sector for spam in April.
- The April 2007 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/Threat_Watch
- MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.
About MessageLabs
MessageLabs is a leading provider of integrated messaging and web security services, with over 15,000 clients ranging from small business to the Fortune 500 located in more than 80 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.
These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit www.messagelabs.com. |
