 "Polymorphic Malware Rate Peaks At 72% In September")
Symantec Corp. has announced the results of the September 2011 Symantec Intelligence Report, now combining the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report.
This month’s analysis reveals that a deluge of malicious email-borne malware has left a clear mark on the threat landscape for September. Approximately 72 per cent of all email-borne malware in September could be characterised as aggressive strains of generic polymorphic malware, first identified in the July Symantec Intelligence Report. At the end of July, this rate was 23.7 per cent, in August it fell slightly to 18.5 per cent before soaring to 72 per cent in September.
“This unprecedented high-water mark underlines the nature by which cyber criminals have escalated their assault on businesses in 2011, fully exploiting the weaknesses of more traditional security countermeasures,” said Abhijit Limaye, Director, Development, Symantec.
Further analysis also reveals that the social engineering behind many of these attacks has also accelerated, with the adoption of a variety of new techniques such as pretending to be an email from a smart printer/scanner being forwarded by a colleague in the same organisation. “The idea of an office printer sending malware is perhaps an unlikely one, as printers and scanners were not actually used in these attacks, but perhaps this sense of security is all that is required for such a socially engineered attack to succeed in the future,” Limaye said.
Although spam levels remained fairly stable during September, Symantec Intelligence observed the use of identified vulnerabilities in certain older versions of the popular WordPress blogging software on a large number of Web sites across the Internet. Spam emails containing links to these compromised Web sites are also being spammed out. It is important to note that blogs hosted by WordPress themselves seem to be unaffected. The exploitation of these vulnerabilities to serve spammers’ interests is a stark reminder for the need to ensure software is up-to-date with latest patches and releases.
Additional research also reveals that JavaScript is becoming increasing popular as programming language by spammers and malware authors. JavaScript is increasingly used to conceal where spammers are redirecting, and in some cases, also to conceal entire Web pages. “For spammers, hosting simple JavaScript obfuscation pages on free hosting sites can increase the lifetime of that site before the site operator realises the page is being used for malicious activity,” Limaye said. “JavaScript is popularly used for redirecting visitors of a compromised Web site to the spammers landing page. While some of these techniques have been common in malware distribution for some time, spammers are increasingly using them,” added Limaye.
Other report highlights:
Spam: In September 2011, the global ratio of spam in email traffic declined to 74.8 per cent (1 in 1.34 emails), a decrease of 1.1 percentage points when compared with August 2011.
Phishing: In September, phishing email activity diminished by 0.26 percentage points since August 2011; one in 447.9 emails (0.223 per cent) comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 188.7 emails (0.53 per cent) in September, an increase of 0.04 per centage points since August 2011.
Web-based Malware Threats: In September, Symantec Intelligence identified an average of 3,474 Web sites each day harbouring malware and other potentially unwanted programs including spyware and adware; an increase of 1.0 per cent since August 2011.
Endpoint Threats: The most frequently blocked malware for the last month was W32.Sality.AE, a virus that spreads by infecting executable files and attempts to download potentially malicious files from the Internet.
Vertical Trends:
In September, the Automotive industry sector remained as the most spammed industry sector, with a spam rate of 77.8 per cent. The spam level for the Education sector was 77.2 per cent and 74.6 per cent for the Chemical & Pharmaceutical sector, 74.4 per cent for IT Services, 74.3 per cent for Retail, 74.5 per cent for Public Sector and 74.3 per cent for Finance.
The Public Sector remained the most targeted by phishing activity in September, with one in 125.8 emails comprising a phishing attack. Phishing levels for the Chemical & Pharmaceutical sector reached one in 797.3 and one in 754.6 for the IT Services sector, one in 664.5 for Retail, one in 156.9 for Education and one in 388.6 for Finance.
With one in 61.5 emails being blocked as malicious, the Public Sector remained the most targeted industry in September. Virus levels for the Chemical & Pharmaceutical sector were one in 104.5 and one in 192.2 for the IT Services sector; one in 276.1 for Retail, one in 80.1 for Education and one in 240.9 for Finance.
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
