‫ Summary of Symantec Intelligence Report: October 2012

IRCRE201211117
 
Date: 2012-11-15
 
October edition of the Symantec Intelligence report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this report includes data from January through September 2012.
 
Spam Analysis
In October, the global ratio of spam in email traffic fell by 10.2 percentage point since September, to 64.8 percent (1 in 1.54 emails). This follows the continuing trend of global spam levels diminishing gradually since the latter part of 2011.
 
Saudi Arabia overtook Hungry to become the most spammed geography in October, with a spam rate of 79.4 percent.
The Education sector was the most spammed industry sector in October, with a spam rate of 66.8 percent; the spam rate for the non-Profit sector was 66.2 percent. The spam rate for the Gov/Public sector was 66.2 percent, compared with 65.9 percent for Marketing/Media sector, 65.9 percent for Agriculture Sector.
The spam rate for small to medium-sized businesses (1-250) was 65.2 percent, compared with 64.5 percent for large enterprises (2500+).
 
Spam Attack Vectors
October highlights the increase in spam emails resulting in NDRs (spam related non-delivery reports). In these cases, the recipient email addresses are invalid or bounced by their service provider.
 
NDR spam, as shown in the chart above, is often as a result of widespread dictionary attacks during spam campaigns, where spammers make use of databases containing first and last names and combine them to generate random email addresses. A higher-level of activity is indicative of spammers that are seeking to build their distribution lists by ignoring the invalid recipient emails in the bounce-backs. The list can then be used for more targeted spam attacks containing malicious attachments or links. This might indicate a pattern followed by spammers in harvesting the email addresses for some months and using those addresses for targeted attacks in other months.
 
Phishing Analysis
In October, the global phishing rate decreased by 0.059 percentage points, taking the global average rate to one in 286.9 emails (0.35 percent) that comprised some form of phishing attack.
Analysis of Phishing Web sites
The overall phishing decreased by about 22 percent this month. Unique domains decreased by about 13 percent as compared to the previous month. Phishing websites that used automated toolkits increased by 5 percent.
Phishing websites with IP domains (for e.g. domains like http://255.255.255.255) decreased by about 30 percent. Webhosting services comprised of 4 percent of all phishing, a decrease of 4 percent from the previous month. The number of non-English phishing sites increased by 17 percent. Among non-English phishing sites, Portuguese, French, Italian, Portuguese, and Chinese were highest in October.
 
Tactics of Phishing Distribution
 
Organizations Spoofed in Phishing Attacks, by Industry
 
Email-borne Threats
The global ratio of email-borne viruses in email traffic was one in 229.4 emails (0.44 percent) in October, an decrease of 0.04 percentage points since August.
In October, 23.5 percent of email-borne malware contained links to malicious websites, 1.3 percentage points higher than September.
 
Web-based Malware Threats
In October, Symantec Intelligence identified an average of 933 websites each day harboring malware and other potentially unwanted programs including spyware and adware; a decrease of 29.1 percent since August. This reflects the rate at which websites are being compromised or created for the purpose of spreading malicious content. Often this number is higher when Web-based malware is in circulation for a longer period of time to widen its potential spread and increase its longevity.
As detection for Web-based malware increases, the number of new websites blocked decreases and the proportion of new malware begins to rise, but initially on fewer websites. Further analysis reveals that 38.5 percent of all malicious domains blocked were new in October; an increase of 1.63 percentage points compared with September. Additionally, 11.0 percent of all Web-based malware blocked was new in October; an increase of 0.4 percentage points since September.
 
 
 
 
The chart above shows the decrease in the number of new spyware and adware websites blocked each day on average during October compared with the equivalent number of Web-based malware websites blocked each day.
 
 
 
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 28 آبان 1391

دسته‌ها

امتیاز

امتیاز شما
تعداد امتیازها:0