Press Release

Symantec Announces June 2010 MessageLabs Intelligence Report

FIFA World Cup-related Malware and Spam Attacks Intensify as Tournament Kicks Off

MOUNTAIN VIEW, Calif. – June 22, 2010 – Symantec Corp. (Nasdaq: SYMC) today announced the publication of its June 2010 MessageLabs Intelligence Report. Analysis reveals that the percentage of spam related to football and soccer keywords since March 2010 has approached 25 percent of all global spam in the build-up to the FIFA World Cup. The FIFA World Cup is the latest newsworthy world event to be exploited in this way.


“Right now, spammers are reliant on the massive wave of excitement and expectation that typically surrounds an event like the FIFA World Cup,” said MessageLabs Intelligence Senior Analyst, Paul Wood. “Riding this wave, spammers get the attention of their victims by offering products for sale or enticing them to click on a link. It is not uncommon for the event to appear in the subject line of an email but for the body of the same email to be completely unrelated.”


Earlier this month, MessageLabs Intelligence reported on additional FIFA World Cup-related attacks. Beginning on June 2, MessageLabs Intelligence intercepted a run of 45 targeted malware emails en route to executives and managers at Brazilian companies, including those in the chemical, manufacturing and finance sectors. These attacks were designed to rely on social engineering tactics and World Cup excitement to compromise corporate systems and gain access to corporate information via the recipients.


The attack used dual attack modes – a PDF attachment and a malicious link – to increase the chances of success, reasoning that if the PDF attachment is removed by the anti-virus gateway, the malicious link will remain in the cleaned email, which many email filtering systems would then deliver to the recipient.


Also in June, MessageLabs Intelligence intercepted pharmaceutical spam using obfuscated JavaScript in the attachment. The World Cup-related subject line is designed to pique the recipient’s curiosity, driving them to open the HTML attachment. The obfuscated JavaScript within the attachment contains code to redirect the recipient's browser to a different and disguised location.


“Skilled and calculating spammers have gone to great lengths to disguise what the JavaScript actually does,” Wood said. “Deceiving recipients into opening a message that contains unrelated content is an approach commonly used with malware. We expect to see more of these attacks as the football tournament continues.”


Other report highlights:

Spam: In June 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 89.3 percent (1 in 1.12 emails), a decrease of 0.9 percentage points since May.


Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 276.4 emails (0.362 percent) in June, a decrease of 0.11 percentage points since May. In June, 16.7 percent of email-borne malware contained links to malicious websites, a decrease of 5.9 percentage points since May.


Endpoint Threats: Following the launch of our new Hosted Endpoint Protection service, MessageLabs Intelligence can now analyze additional threats against endpoint devices such as laptops, PCs and servers, and the trends surrounding them. Malware may penetrate an organization in many ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Once again, the most frequently blocked malware for the last month was the Sality.AE virus, which spreads by infecting executable files and attempts to download potentially malicious files from the Internet.


Phishing: In June, phishing activity was 1 in 634.4 emails (0.158 percent), a decrease of 0.26 percentage points since May. When judged as a proportion of all email-borne threats such as viruses and Trojans, the proportion of phishing emails had decreased by 17.3 percentage points to 63.3 percent of all email-borne malware and phishing threats combined.


Web security: Analysis of web security activity shows that 30.3 percent of malicious domains blocked were new in May, a decrease of 1.5 percentage points since May. Additionally, 12.4 percent of all web-based malware blocked was new in June, an increase of 0.1 percentage points since last month. MessageLabs Intelligence also identified an average of 1,598 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 9.7 percent since May.


Geographical Trends:

  • Spam levels in Hungary rose to 94.8 percent in June, positioning it as the most spammed country.
  • In the US, 90.0 percent of email was spam and 88.0 percent in Canada. Spam levels in the UK were 88.2 percent.
  • In the Netherlands, spam accounted for 90.2 percent of email traffic, while spam levels reached 88.5 percent in Australia, 90.7 percent in Germany and 92.1 percent in Denmark.
  • Spam levels in Hong Kong reached 91.0 percent and 86.8 percent in Singapore. Spam levels in Japan were at 86.6 percent and 91.2 percent in China.
  • Virus activity in Taiwan was 1 in 55.1 emails, keeping it as the most targeted country for email-borne malware in June.
  • Virus levels for the US were 1 in 739.7 and 1 in 512.9 for Canada. In Germany, virus levels were 1 in 565.1, 1 in 1,179 for the Netherlands, 1 in 624.0 for Australia, 1 in 573.2 for Hong Kong, 1 in 1,403.0 for Japan and 1 in 744.5 for Singapore.
  • The UK remained the most active country for phishing attacks in June with 1 in 261.0 emails.

Vertical Trends:

  • In June, the Engineering sector remained the most spammed industry sector, with a spam rate of 94.1 percent.
  • Spam levels for the Education sector were 89.9 percent, 89.6 percent for the Chemical & Pharmaceutical sector, 89.7 percent for IT Services, 89.8 percent for Retail, 87.7 percent for Public Sector and 87.6 percent for Finance.
  • In June, the Public Sector remained the most targeted industry for malware with 1 in 124.0 emails being blocked as malicious.
  • Virus levels for the Chemical & Pharmaceutical sector were 1 in 532.1, 1 in 512.3 for the IT Services sector, 1 in 714.7 for Retail, 1 in 200.5 for Education and 1 in 594.7 for Finance.

The June 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx.


Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.


About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.


Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.