
Symantec have released their June 2011 Intelligence Report. The Symantec Intelligence Report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this combined report includes data from May and June 2011.

Report highlights

  • Spam – 72.9% in June (a decrease of 2.9 percentage points since May 2011)
  • Phishing – One in 330.6 emails identified as Phishing (a decrease of 0.05 percentage points since May 2011)
  • Malware – One in 300.7 emails in June contained malware (a decrease of 0.12 percentage points since May 2011)
  • Malicious Web sites – 5,415 Web sites blocked per day (an increase of 70.8% since May 2011)
  • 35.1% of all malicious domains blocked were new in June (a decrease of 1.7 percentage points since May 2011)
  • 20.3% of all Web-based malware blocked was new in June (a decrease of 4.3 percentage points since May 2011)
  • Review of Spam-sending botnets in June 2011
  • Clicking to Watch Videos Leads to Pharmacy Spam
  • Wiki for Everything, Even for Spam
  • Phishers Return for Tax Returns
  • Fake Donations Continue to Haunt Japan
  • Spam Subject Line Analysis
  • Best Practices for Enterprises and Users

Spam Analysis

In June 2011, the global ratio of spam in email traffic decreased by 2.9 percentage points since May 2011 to 72.9% (1 in 1.37 emails).

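| Country | May | April | Change % |
|---|---|---|---|
| United States | 29% | 31% | -2 |
| India | 5% | 4% | 1 |
| Russia | 5% | 5% |  |
| Brazil | 5% | 5% |  |
| Netherlands | 5% | 5% |  |
| Taiwan | 3% | 4% | -1 |
| South Korea | 3% | 3% |  |
| Uruguay | 3% | 3% |  |
| Ukraine | 3% | 2% | 1 |
| China | 2% | 3% | -1 |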

As the global spam level declined in June 2011, Saudi Arabia became the most spammed geography, with a spam rate of 82.2%, overtaking Russia, which moved into second position.

In the US, 73.7% of email was spam and 72.0% in Canada. The spam level in the UK was 72.6%. In The Netherlands, spam accounted for 73.0% of email traffic, 71.8% in Germany, 71.9% in Denmark and 70.4% in Australia. In Hong Kong, 72.2% of email was blocked as spam and 71.2% in Singapore, compared with 69.2% in Japan. Spam accounted for 72.3% of email traffic in South Africa and 73.4% in Brazil.

Global Spam Categories

| Spam Category Name | June 2011 |
|---|---|
| Pharmaceutical | 40% |
| Adult/Sex/Dating | 19% |
| Watches/Jewelry | 18% |
| Newsletters | 12% |
| Casino/Gambling | 7% |
| Unknown | 3% |
| Degrees/Diplomas | 2% |
| Weight Loss | 1% |

Phishing Analysis

In June, Phishing activity decreased by 0.06 percentage points since May 2011; one in 286.7 emails (0.349%) comprised some form of Phishing attack.

Phishing Sources

| Country | May | April | % change |
|---|---|---|---|
| United States | 44% | 55% | -11 |
| Chile | 15% | unlisted | N/A |
| Canada | 5% | 5% |  |
| Germany | 5% | 6% | -1 |
| United Kingdom | 4% | 6% | -2 |
| China | 2% | unlisted | N/A |
| France | 2% | 3% | -1 |
| Netherlands | 2% | 2% |  |
| Russia | 1% | 2% | -1 |
| Australia | 1% | 3% | -2 |

South Africa remained the most targeted geography for Phishing emails in June, with 1 in 111.7 emails identified as phishing attacks. South Africa suffers from a high level of Phishing activity targeting many of its four major national banks, as well as other international financial institutions.

In the UK, phishing accounted for 1 in 130.2 emails. Phishing levels for the US were 1 in 1,270 and 1 in 207.7 for Canada. In Germany Phishing levels were 1 in 1,375, 1 in 2,043 in Denmark and 1 in 543.7 in The Netherlands. In Australia, Phishing activity accounted for 1 in 565.2 emails and 1 in 2,404 in Hong Kong; for Japan it was 1 in 11,179 and 1 in 2,456 for Singapore. In Brazil, 1 in 409.8 emails were blocked as Phishing attacks.

The Public Sector remained the most targeted by phishing activity in June, with 1 in 83.7 emails comprising a Phishing attack. Phishing levels for the Chemical & Pharmaceutical sector were 1 in 897.3 and 1 in 798.3 for the IT Services sector; 1 in 663.2 for Retail, 1 in 151.4 for Education and 1 in 160.8 for Finance.

Email-borne Threats

The global ratio of email-borne viruses in email traffic was one in 300.7 emails (0.333%) in June, a decrease of 0.117 percentage points since May 2011.

The UK remained the geography with the highest ratio of malicious emails in June, as one in 131.9 emails was blocked as malicious.

In the US, virus levels for email-borne malware were 1 in 805.2 and 1 in 297.7 for Canada. In Germany virus activity reached 1 in 721.0, 1 in 1,310 in Denmark and in The Netherlands 1 in 390.3. In Australia, 1 in 374.5 emails were malicious and 1 in 666.5 in Hong Kong; for Japan it was 1 in 2,114, compared with 1 in 946.7 in Singapore. In South Africa, 1 in 280.9 emails and 1 in 278.9 emails in Brazil contained malicious content.

With 1 in 73.1 emails being blocked as malicious, the Public Sector remained the most targeted industry in June. Virus levels for the Chemical & Pharmaceutical sector were 1 in 509.4 and 1 in 513.8 for the IT Services sector; 1 in 532.8 for Retail, 1 in 130.4 for Education and 1 in 182.3 for Finance.

| Malware Name | % Malware |
|---|---|
| Exploit/SuspLink-d1f2 | 4.85% |
| Link-Trojan.Generic.5483393-4cac | 2.89% |
| W32/NewMalware!836b | 2.41% |
| W32/NewMalware!0575 | 2.39% |
| Exploit/Link-FakeAdobeReader-8069 | 2.32% |
| Trojan.Bredolab!eml-1f08 | 1.97% |
| Exploit/LinkAliasPostcard-d361 | 1.52% |
| W32/Packed.Generic-7946 | 1.46% |
| W32/Bredolab.gen!eml | 1.36% |
| Exploit/FakeAttach-844a | 1.39% |

Web-based Malware Threats

In June, MessageLabs Intelligence identified an average of 5,415 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 70.8% since May 2011. This reflects the rate at which Web sites are being compromised or created for the purpose of spreading malicious content. Often this number is higher when Web-based malware is in circulation for a longer period of time to widen its potential spread and increase its longevity. The 70.8% rise marks a return to the highest rate since December 2010, as can be seen in the chart below; the rate had previously been diminishing during the first half of 2011.

As detection for Web-based malware increases, the number of new Web sites blocked decreases and the proportion of new malware begins to rise, but initially on fewer Web sites. Further analysis reveals that 35.1% of all malicious domains blocked were new in June; a decrease of 1.7 percentage points compared with May 2011. Additionally, 20.3% of all Web-based malware blocked was new in June; a decrease of 4.3 percentage points since the previous month.

Endpoint Security Threats

The endpoint is often the last line of defense and analysis; however, the endpoint can often be the first line of defense against attacks that spread using USB storage devices and insecure network connections. The threats found here can shed light on the wider nature of threats confronting businesses, especially from blended attacks and threats facing mobile workers. Attacks reaching the endpoint are likely to have already circumvented other layers of protection that may already be deployed, such as gateway filtering. The table below shows the malware most frequently blocked targeting endpoint devices for the last month. This includes data from endpoint devices protected by Symantec technology around the world, including data from clients which may not be using other layers of protection, such as Symantec Web Security.cloud or Symantec Email AntiVirus.cloud.

| Malware Name | Malware % |
|---|---|
| W32.Ramnit!html | 9.47% |
| W32.Sality.AE | 8.49% |
| Trojan.Bamital | 8.23% |
| W32.Ramnit.B!inf | 7.59% |
| W32.DownadupageB | 3.76% |
| W32.Virut.CF | 2.70% |
| W32.Almanahe.B!inf | 2.50% |
| W32.SillyFDC | 1.99% |
| Trojan.ADH. | 1.91% |
| Trojan.ADH | 1.90% |
| Generic Detection | 16.90% |

For further details visit the Symantec website here.

March’s Report summary can be found here.

April’s Report summary can be found here.

May’s Report summary can be found here.
