Image representing MessageLabs as depicted in ...
Image via CrunchBase

Symantec MessageLabs have released their March 2011 Intelligence Report which as usual makes very interesting reading.

The highlights of the Intelligence Report are below:

  • Spam – 79.3% in March (a decrease of 2.0 percentage points since February 2011)
  • Viruses – One in 208.9 emails in March contained malware (an increase of 0.13 percentage points since February 2011)
  • Phishing – One in 252.5 emails comprised a phishing attack (a decrease of 0.07 percentage points since February 2011)
  • Malicious websites – 2,973 web sites blocked per day (a decrease of 27.5% since February 2011)
  • 37.0% of all malicious domains blocked were new in March (a decrease of 1.9 percentage points since February 2011)
  • 24.5% of all web-based malware blocked was new in March (an increase of 4.2 percentage points since February 2011)
  • Global spam volumes drop by one third, as Rustock botnet is dismantled
  • First review of spam-sending botnets in 2011 identified Bagle as most active botnet as Rustock fell silent

SPAM. The Russian Federation is now the most frequent source of spam in March; perhaps in large part given that there are a large number of bots for Bagle, Lethic and Maazben located in this geography.

Country % of Spam
Russian Federation 12.4%
India 8.8%
Brazil 5.9%
United States 4.5%
Ukraine 4.4%
Colombia 3.9%
Romania 3.8%
Argentina 2.8%
Vietnam 2.5%
Korea, Republic of 2.5%

Symantec MessageLab’s table below shows the most frequently blocked email-borne malware for March, many of which take advantage of malicious hyperlinks. In March, 35.3% of email-borne malware was associated with Bredolab, SpyEye and Zeus variants, a trend initially reported in the MessageLabs Intelligence Report for February 2011.

Malware % Malware
Trojan.Bredolab!eml 24.0%
Exploit/SuspLink-7d87 17.1%
W32/Bredolab.gen!eml-19251 4.8%
Trojan.Bredolab 1.9%
Exploit/SuspLink.dam 1.8%
Exploit/SuspLink-6c7b 1.6%
W32/Bredolab.gen!eml 1.5%
W32/Bredolab!gen-ad91 1.4%
Exploit/LinkAliasPostcard-b354 0.8%
W32/Delf-Generic-ad9e 0.7%

Symantec MessageLab’s table below shows the malware most frequently blocked targeting endpoint devices for the last month.

Malware % Malware
W32.Sality.AE 8.3%
Trojan.Gen* 7.7%
Trojan Horse 7.4%
W32.Ramnit!html 5.8%
Trojan.Gen.2* 4.9%
W32.Ramnit.B!inf 4.3%
Trojan.ADH.2 4.3%
Trojan.Bamital 4.3%
W32.Downadup.B 3.9%
Downloader* 3.5%

See the whole Symantec MessageLab’s Intelligence Report here.

It is also worth reading the earlier posts on Phishing and the impact on the UK Banks and the Fraud Intelligence Report.