Message Labs has released the September edition of the MessageLabs Intelligence monthly report.It provides the latest threat trends for September 2007, as well as a quarterly retrospective, to keep you informed regarding the ongoing fight against viruses, spam and other unwelcome content.
Top line results of this report include: Spam – 73.5% in September (a decrease of 0.5% since August) Viruses – One in 48.8 emails in September contained malware (an increase of 0.8% since August) Phishing – One in 87.2 emails comprised a phishing attack (an increase of 0.6% since August)
Old school threats return in time for the new school year Virus and phishing rates have recently taken a back seat in favor of the more turbulent and escalating spam activities. September saw this change. Virus levels reached levels last observed more than eighteen months ago. Phishing levels have never before reached levels experienced this month. As this new academic year began, so did the increase in “old school” threats.
Further analysis into virus activities highlights that the cyber-criminals are favoring the method of including links to malicious websites hosting the malware code, rather than attaching the malware to the email itself through an executable attachment.
In Q3 2007, 35% of email threats were of this genre, compared with approximately 20.2% for the previous quarter. This represents an increase of 14.8%, making way for more social engineering-based attacks luring victims to visit the websites hosting the malicious code.
As a comparison, in Q1 2007 this figure was around 3.3% of malware intercepted. One name which still needs to be associated and acknowledged for the increase in virus levels is the Storm botnet, a name which is likely to be prevalent in all retrospective threat reviews of 2007. In the wake of the August Storm botnet surge, estimated to involve 1.8 million compromised computers, spam volumes increased for many domains by as much as 30% during the week following (17 - 23 August) before returning to normal levels.
The increase in phishing activity in the run-up to the holiday season is largely down to an increase in the intensity and volume of attacks at some major targets. These attacks are often sustained over a period of days before shifting focus to another target. This coupled with the increase in number of smaller-sized attacks at a range of other targets has resulted in an overall increase in phishing activity for September. Previously, the highest phishing levels experienced were in January 2007 when phishing attacks accounted for 1 in 93 emails.
