
Brian Pennington

A blog about Cyber Security & Compliance


Symantec MessageLabs April 2011 Intelligence Report


Symantec MessageLabs have released their April 2011 Intelligence Report, which, as usual, makes very interesting reading.

The highlights of the Intelligence Report are below:

  • Spam – 72.9% in April (a decrease of 6.4 percentage points since March 2011)
  • Viruses – One in 168.6 emails in April contained malware (an increase of 0.11 percentage points since March 2011)
  • Phishing – One in 242.2 emails comprised a phishing attack (an increase of 0.02 percentage points since March 2011)
  • Malicious web sites – 2,431 web sites blocked per day (a decrease of 18.2% since March 2011)
  • 33.0% of all malicious domains blocked were new in April (a decrease of 4.0 percentage points since March 2011)
  • 22.5% of all web-based malware blocked was new in April (a decrease of 1.9 percentage points since March 2011)
  • Targeted attacks increase in intensity: What does a recent targeted attack look like?
  • Shortened URLs: Do you know what you’re clicking on?

The Symantec MessageLabs table below shows the most frequently blocked email-borne malware for April, many of which take advantage of malicious hyperlinks. Overall, 55.1% of email-borne malware was associated with Bredolab, Sasfis, SpyEye and Zeus variants, a trend initially reported in the MessageLabs Intelligence Report for February 2011.

Malware                       % of Malware
Trojan.Bredolab!eml           37.67%
Exploit/FakeAttach            4.54%
HeurAuto-08ba                 3.88%
Gen:Variant.Kazy.17074        3.53%
Trojan.Bredolab               3.31%
W32/Bredolab.gen!eml-19251    3.27%
W32/Bredolab.gen!eml          2.83%
Gen:Variant.Kazy.16615        1.80%
W32/Generic-afcd              1.79%
W32/Delf-Generic-ad9e         0.70%

The Symantec MessageLabs table below shows the malware most frequently blocked targeting endpoint devices for the last month. This includes data from endpoint devices protected by Symantec technology around the world, including data from clients which may not be using other layers of protection, such as Symantec MessageLabs Web Security.cloud or Symantec MessageLabs Email AntiVirus.cloud.

Malware               % of Malware
W32.Sality.AE         8.10%
W32.Ramnit.B!inf      7.80%
W32.Ramnit!html       6.90%
Trojan.Gen            6.80%
Trojan Horse          6.80%
Trojan.Bamital        5.30%
W32.Downadup.B        4.10%
Trojan.Gen.2          3.80%
Downloader            3.80%
W32.Almanahe.B!inf    2.50%

See the entire Symantec MessageLabs Intelligence Report here.

The March report summary can be found here.


Symantec MessageLabs March 2011 Intelligence Report


Symantec MessageLabs have released their March 2011 Intelligence Report, which, as usual, makes very interesting reading.

The highlights of the Intelligence Report are below:

  • Spam – 79.3% in March (a decrease of 2.0 percentage points since February 2011)
  • Viruses – One in 208.9 emails in March contained malware (an increase of 0.13 percentage points since February 2011)
  • Phishing – One in 252.5 emails comprised a phishing attack (a decrease of 0.07 percentage points since February 2011)
  • Malicious websites – 2,973 web sites blocked per day (a decrease of 27.5% since February 2011)
  • 37.0% of all malicious domains blocked were new in March (a decrease of 1.9 percentage points since February 2011)
  • 24.5% of all web-based malware blocked was new in March (an increase of 4.2 percentage points since February 2011)
  • Global spam volumes drop by one third, as Rustock botnet is dismantled
  • First review of spam-sending botnets in 2011 identified Bagle as most active botnet as Rustock fell silent

Spam. The Russian Federation was the most frequent source of spam in March, perhaps in large part because a large number of bots for Bagle, Lethic and Maazben are located in this geography.

Country               % of Spam
Russian Federation    12.4%
India                 8.8%
Brazil                5.9%
United States         4.5%
Ukraine               4.4%
Colombia              3.9%
Romania               3.8%
Argentina             2.8%
Vietnam               2.5%
Korea, Republic of    2.5%

The Symantec MessageLabs table below shows the most frequently blocked email-borne malware for March, many of which take advantage of malicious hyperlinks. In March, 35.3% of email-borne malware was associated with Bredolab, SpyEye and Zeus variants, a trend initially reported in the MessageLabs Intelligence Report for February 2011.

Malware                           % of Malware
Trojan.Bredolab!eml               24.0%
Exploit/SuspLink-7d87             17.1%
W32/Bredolab.gen!eml-19251        4.8%
Trojan.Bredolab                   1.9%
Exploit/SuspLink.dam              1.8%
Exploit/SuspLink-6c7b             1.6%
W32/Bredolab.gen!eml              1.5%
W32/Bredolab!gen-ad91             1.4%
Exploit/LinkAliasPostcard-b354    0.8%
W32/Delf-Generic-ad9e             0.7%

The Symantec MessageLabs table below shows the malware most frequently blocked targeting endpoint devices for the last month.

Malware             % of Malware
W32.Sality.AE       8.3%
Trojan.Gen*         7.7%
Trojan Horse        7.4%
W32.Ramnit!html     5.8%
Trojan.Gen.2*       4.9%
W32.Ramnit.B!inf    4.3%
Trojan.ADH.2        4.3%
Trojan.Bamital      4.3%
W32.Downadup.B      3.9%
Downloader*         3.5%

See the whole Symantec MessageLabs Intelligence Report here.

It is also worth reading the earlier posts on Phishing and the impact on the UK Banks and the Fraud Intelligence Report.
