‫ Summary of Symantec Intelligence Report: May 2012

May edition of the Symantec Intelligence report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this report includes data from April and May 2012.
In May, the global ratio of spam in email traffic rose by 3.3 percentage points since April, to 67.8 percent (1 in 1.48 emails). This represents the first increase in spam levels since the end of 2011.
As the global spam rate increased, Saudi Arabia remained the most spammed geography in May; with a spam rate of 77.0 percent.
In the US, 67.8 percent of email was spam and 67.6 percent in Canada. The spam level in the UK was 68.0 percent. In The Netherlands, spam accounted for 69.6 percent of email traffic, 67.3 percent in Germany, 67.1 percent in Denmark and 67.1 percent in Australia. In Hong Kong, 67.2 percent of email was blocked as spam and 66.9 percent in Singapore, compared with 64.5 percent in Japan. Spam accounted for 67.7 percent of email traffic in South Africa and 72.0 percent in Brazil.
The Automotive sector was the most spammed industry sector in May, with a spam rate of 71.1 percent; the spam rate for the Education sector was 69.3 percent and 68.9 percent in the Chemical & Pharmaceutical sector. The spam rate in the IT Services sector was 67.8 percent, 67.1 percent for Retail, 67.6 percent for Public Sector, and 67.2 percent for Finance.
The spam rate for small to medium-sized businesses (1-250) was 67.0 percent, compared with 67.8 percent for large enterprises (2500+).
Spam Attack Vectors
The proportion of spam that contained a malicious attachment or link increased toward the end of the previous month, with four major spikes of spam activity during the period, as shown in the chart below.
Phishing Analysis
In May, the global phishing rate decreased by 0.03 percentage points, taking the global average rate to one in 568.3 emails (0.18 percent) that comprised some form of phishing attack.
The Netherlands remained the country most targeted for phishing attacks in May, with one in 196.2 emails identified as phishing.
Phishing levels for the US reached one in 1,702 and one in 493.1 for Canada. In Germany phishing levels were one in 884.3, one in 930.9 in Denmark. In Australia, phishing activity accounted for one in 867.8 emails and one in 2,310 in Hong Kong; for Japan it was one in 5,525 and one in 2,072 for Singapore. In Brazil one in 1,502 emails was blocked as phishing.
Analysis of Phishing Web sites
Overall, the number of phishing Web sites increased by 16.3 percent in May compared with the previous month. The number of phishing Web sites created by automated toolkits jumped by 62.5 percent, accounting for approximately 65.9 percent of phishing Web sites, including attacks against well-known social networking Web sites and social networking apps.
The number of unique phishing domains decreased by 24.9 percent and phishing Web sites using IP addresses in place of domain names (for example,, increased threefold by 228.3 percent. The use of legitimate Web services for hosting phishing Web sites accounted for approximately 3.3 percent of all phishing Web sites, an increase of 5.9 percent compared with the previous month. The number of non-English phishing Web sites increased by 7.5 percent.
Of the non-English phishing Web Portuguese, French, Italian, and German were among the highest in May.
Tactics of Phishing Distribution
Organizations Spoofed in Phishing Attacks, by Industry
Email-borne Threats
The global ratio of email-borne viruses in email traffic was one in 365.1 emails (0.27 percent) in May, a decrease of 0.03 percentage points since April.
In May, 26.2 percent of email-borne malware contained links to malicious Web sites, 16.9 percentage points higher than the previous month.
Web-based Malware Threats
In May, Symantec Intelligence identified an average of 4,359 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware—an increase of 48.7 percent since April. This reflects the rate at which websites are being compromised or created for the purpose of spreading malicious content. Often this number is higher when Web-based malware is in circulation for a longer period of time to widen its potential spread and increase its longevity.
As detection for Web-based malware increases, the number of new Web sites blocked decreases and the proportion of new malware begins to rise, but initially on fewer Web sites.
The chart above shows the increase in the number of new spyware and adware Web sites blocked each day on average during May, compared with the equivalent number of Web-based malware Web sites blocked each day.


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 9 اردیبهشت 1391



امتیاز شما
تعداد امتیازها:0