‫ Summary of Symantec Intelligence Report: January 2012

Date: 2012-05-25
January edition of the Symantec Intelligence report provides the latest analysis of cybersecurity threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this report includes data from December 2011 and January 2012.
Beginning on New Year's Eve, January 1, 2012 and continuing earlier into the days following, Symantec Intelligence identified spammers taking advantage of the New Year anniversary, seemingly to entice users into clicking on spam links contained in the email messages.
Further investigation revealed that spammers were compromising legitimate Web servers, leaving the main Web site content intact (to avoid or delay detection) and simply adding a simple PHP script, typically named "HappyNewYear.php", "new-year-link.php" or "new-year.link.php". These scripts simply redirect to a spam pharmaceutical Web site.
In addition, around New Year, many Web sites and blogs publish various "top ten" lists of the past year, their predictions for the coming year, so a URL containing the phrase "new year" may seem more relevant and topical, and may increase the likelihood of it being opened.
However, this is just the social engineering element, and the URL redirects (through a compromised machine) to a familiar spammer "My Canadian Pharmacy" Web site.
In January 2012, the global ratio of spam in email traffic rose by 1.3 percentage points since percent (1 in 1.45 emails). This follows a more noticeable drop in December when spam fell by 2.8 percentage points to 67.7 percent. Consequently, this recent increase means that spam has almost returned to the same level as in November 2011.
As the global spam rate increased, Saudi Arabia became the most spammed geography in January; with a spam rate of 75.5 percent and China was the second most-spammed with 75.0 percent of email traffic blocked as spam.
In the US, 69.0 percent of email was spam and 68.7 percent in Canada. The spam level in the UK was 69.3 percent.
Moreover, the Education sector became the most spammed industry sector in January, with a spam rate of 71.0 percent. The spam rate for the Chemical & Pharmaceutical sector was 69.0 percent, compared with 68.7 percent for IT Services, 68.4 percent for Retail, 68.9 percent for Public Sector and 68.2 percent for Finance.
The spam rate for small to medium-sized businesses (1-250) was 68.9%, compared with 69.1% for large enterprises (2500+).
Spam Attack Vectors
The proportion of spam that contained a malicious attachment or link was much less than was observed during the previous month, with only two major spikes of spam activity during the first half of the period. The frequency of attacks has diminished significantly since the end of December 2011.
Phishing Analysis
In January, the global phishing rate increased by 0.06 percentage points, taking the average to one in 370.0 emails (0.27 percent) that comprised some form of phishing attack.
The Netherlands became the country most targeted for phishing attacks in January, with one in 62.6 emails identified as phishing. The UK was the second most targeted country, with one in 179.4 emails identified as phishing attacks.
Phishing levels for the US were one in 1,145 and one in 379.9 for Canada. In Germany phishing levels were one in 797.6, one in 330.9 in Denmark.
Analysis of Phishing Web sites
The number of phishing Web sites decreased by 18.2 percent in January. The number of phishing Web sites created by automated toolkits decreased by approximately 41.4 percent, accounting for approximately 42.6 percent of phishing Web sites, including attacks against well-known social networking Web sites and social networking apps.
The number of unique phishing domains increased by 15.9 percent and phishing Web sites using IP addresses in place of domain names (for example,, increased by 78.0 percent. The use of legitimate Web services for hosting phishing Web sites accounted for approximately 5.9 percent of all phishing Web sites, an increase of 21.2 percent from the previous month. The number of non-English phishing Web sites increased by 41.5 percent.
Of the non-English phishing Web sites Portuguese, Italian, French and Spanish were among the highest in January.
Tactics of Phishing Distribution
Organizations Spoofed in Phishing Attacks, by Industry
Email-borne Threats
The global ratio of email-borne viruses in email traffic was one in 295.0 emails (0.33 percent) in January, a decrease of 0.02 percentage points since December 2011.
In January, 29.0 percent of email-borne malware contained links to malicious Web sites, unchanged since December 2011.
Web-based Malware Threats
In January, Symantec Intelligence identified an average of 2,102 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; a decrease of 77.4 percent since December 2011. This reflects the rate at which Web sites are being compromised or created for the purpose of spreading malicious content.


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 11 تیر 1391



امتیاز شما
تعداد امتیازها:0