Symantec MessageLabs have released their March 2011 Intelligence Report which as usual makes very interesting reading.
The highlights of the Intelligence Report are below:
- Spam – 79.3% in March (a decrease of 2.0 percentage points since February 2011)
- Viruses – One in 208.9 emails in March contained malware (an increase of 0.13 percentage points since February 2011)
- Phishing – One in 252.5 emails comprised a phishing attack (a decrease of 0.07 percentage points since February 2011)
- Malicious websites – 2,973 web sites blocked per day (a decrease of 27.5% since February 2011)
- 37.0% of all malicious domains blocked were new in March (a decrease of 1.9 percentage points since February 2011)
- 24.5% of all web-based malware blocked was new in March (an increase of 4.2 percentage points since February 2011)
- Global spam volumes drop by one third, as Rustock botnet is dismantled
- First review of spam-sending botnets in 2011 identified Bagle as most active botnet as Rustock fell silent
SPAM. The Russian Federation is now the most frequent source of spam in March; perhaps in large part given that there are a large number of bots for Bagle, Lethic and Maazben located in this geography.
| Country | % of Spam |
| Russian Federation | 12.4% |
| India | 8.8% |
| Brazil | 5.9% |
| United States | 4.5% |
| Ukraine | 4.4% |
| Colombia | 3.9% |
| Romania | 3.8% |
| Argentina | 2.8% |
| Vietnam | 2.5% |
| Korea, Republic of | 2.5% |
Symantec MessageLab’s table below shows the most frequently blocked email-borne malware for March, many of which take advantage of malicious hyperlinks. In March, 35.3% of email-borne malware was associated with Bredolab, SpyEye and Zeus variants, a trend initially reported in the MessageLabs Intelligence Report for February 2011.
| Malware | % Malware |
| Trojan.Bredolab!eml | 24.0% |
| Exploit/SuspLink-7d87 | 17.1% |
| W32/Bredolab.gen!eml-19251 | 4.8% |
| Trojan.Bredolab | 1.9% |
| Exploit/SuspLink.dam | 1.8% |
| Exploit/SuspLink-6c7b | 1.6% |
| W32/Bredolab.gen!eml | 1.5% |
| W32/Bredolab!gen-ad91 | 1.4% |
| Exploit/LinkAliasPostcard-b354 | 0.8% |
| W32/Delf-Generic-ad9e | 0.7% |
Symantec MessageLab’s table below shows the malware most frequently blocked targeting endpoint devices for the last month.
| Malware | % Malware |
| W32.Sality.AE | 8.3% |
| Trojan.Gen* | 7.7% |
| Trojan Horse | 7.4% |
| W32.Ramnit!html | 5.8% |
| Trojan.Gen.2* | 4.9% |
| W32.Ramnit.B!inf | 4.3% |
| Trojan.ADH.2 | 4.3% |
| Trojan.Bamital | 4.3% |
| W32.Downadup.B | 3.9% |
| Downloader* | 3.5% |
See the whole Symantec MessageLab’s Intelligence Report here.
It is also worth reading the earlier posts on Phishing and the impact on the UK Banks and the Fraud Intelligence Report.
.
Brian Pennington 
3 Pingback