MOUNTAIN VIEW, Calif. – June 28, 2011 – Symantec Corp. (Nasdaq: SYMC) today announced the publication of its June 2011 Symantec Intelligence Report, the first Symantec report to combine the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. This month's analysis reveals that spam is currently at the lowest level it has been since the takedown of McColo, a California based ISP which hosted command and control channels for a number of major botnets, in November 2008.
Since the shutdown of Rustock, the largest spam-sending botnet, in March 2011, the volume of spam in global circulation each day continues to fluctuate. Spam accounted for 72.9 percent of email in June, returning to the same level as in April earlier this year. According to Symantec Intelligence, 76.6 percent of this spam was sent by botnets, compared with 83.1 percent in March.
“Despite the decrease in botnet spam this month, they should still be considered a dangerous force on the Internet. Cybercriminals continue to use botnets to conduct distributed denial of service attacks (DDoS), carry out fraudulent click-thrus on unsuspecting websites for financial gain, host illegal Web site content on infected computers, harvest personal data from infected users and install spyware to track victims' activities online,” said Paul Wood, senior intelligence analyst, Symantec.cloud.
“Spam remains a huge problem and spam levels continue to be unpredictable. Following the disruption of Rustock in March, approximately 36.9 billion spam emails were in circulation each day during April. This number rose to 41.7 billion in May, before falling back to 39.2 billion in June. During the same period last year, spam accounted for 121.5 billion emails in global circulation each day, equivalent to 89.3 percent of email traffic in June 2010. Over a twelve month period, a drop of 68.7 percent in volume resulted in a fall of only 16.4 percentage points in the overall global spam rate,” added Wood.
In the latest analysis, spam relating to pharmaceutical products accounted for 40 percent of all spam in June 2011, declining from 64.2 percent at the end of 2010. Spam subject line analysis shows that adult spam continues to flourish.
According to the Symantec Intelligence Report, spam messages promoting pharmaceutical products have been the most commonly seen spam attacks in June. Pharmaceutical products are deceptively marketed through spam emails employing a variety of obfuscation techniques. This month’s report highlights the changing nature of the spam-sending botnet landscape and online pharmacy spam using two different angles: a spoof of an online video sharing service and a new online pharmacy brand, perhaps seeking to exploit the popularity of the “wiki” name in a number of high-profile Web sites.
Last month, Symantec Intelligence also identified a new spam tactic being used, which introduced the “Wiki” name prefix for the promotion of fake pharmaceutical products relating to a new pharmacy brand, WikiPharmacy. The “Subject:” line in these attacks has a lot of randomization contained in the text. The “From:” header is either fake or a hijacked ISP account that gives a personalized appearance to the email.
Other report highlights:
Spam: In June 2011, the global ratio of spam in email traffic decreased by 2.9 percent since May 2011 to 72.9 percent (1 in 1.37 emails).
Phishing: In June, phishing activity decreased by 0.06 percent since May 2011; one in 286.7 emails (0.349 percent) comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 300.7 emails (0.333 percent) in June, a decrease of 0.117 percentage points since May 2011.
Web-based Malware Threats: In June, MessageLabs Intelligence identified an average of 5,415 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 70.8percent percent since May 2011.
Endpoint Threats: The most frequently blocked malware for the last month was W32.Ramnit!html. This is a generic detection for .HTML files infected by W32.Ramnit, a worm that spreads through removable drives and by infecting executable files. The worm spreads by encrypting and then appending itself to files with .DLL, .EXE and .HTM extensions.
- As the global spam level declined in June 2011, Saudi Arabia became the most spammed geography, with a spam rate of 82.2 percent, overtaking Russia, which moved into second position.
- In the US, 73.7 percent of email was spam and 72.0 percent in Canada.
- The spam level in the UK was 72.6 percent.
- In The Netherlands, spam accounted for 73.0 percent of email traffic, 71.8 percent in Germany, 71.9 percent in Denmark and 70.4 percent in Australia.
- In Hong Kong, 72.2 percent of email was blocked as spam and 71.2 percent in Singapore, compared with 69.2 percent in Japan. Spam accounted for 72.3 percent of email traffic in South Africa and 73.4 percent in Brazil.
- South Africa remained the most targeted geography for phishing emails in June, with 1 in 111.7 emails identified as phishing attacks.
- In the UK, phishing accounted for 1 in 130.2 emails.
- Phishing levels for the US were 1 in 1,270 and 1 in 207.7 for Canada.
- In Germany phishing levels were 1 in 1,375, 1 in 2,043 in Denmark and 1 in 543.7 in The Netherlands.
- In Australia, phishing activity accounted for 1 in 565.2 emails and 1 in 2,404 in Hong Kong.
- For Japan it was 1 in 11,179 and 1 in 2,456 for Singapore.
- In Brazil, 1 in 409.8 emails were blocked as phishing attacks.
- The UK remained the geography with the highest ratio of malicious emails in June, as one in 131.9 emails was blocked as malicious in June.
- In the US, virus levels for email-borne malware were 1 in 805.2 and 1 in 297.7 for Canada.
- In Germany virus activity reached 1 in 721.0, 1 in 1,310 in Denmark and in The Netherlands 1 in 390.3.
- In Australia, 1 in 374.5 emails were malicious and 1 in 666.5 in Hong Kong.
- For Japan it was 1 in 2,114, compared with 1 in 946.7 in Singapore.
- In South Africa, 1 in 280.9 emails and 1 in 278.9 emails in Brazil contained malicious content.
- The Public Sector remained the most targeted by phishing activity in June, with 1 in 83.7 emails comprising a phishing attack. Phishing levels for the Chemical & Pharmaceutical sector were 1 in 897.3 and 1 in 798.3 for the IT Services sector; 1 in 663.2 for Retail, 1 in 151.4 for Education and 1 in 160.8 for Finance.
- With 1 in 73.1 emails being blocked as malicious, the Public Sector remained the most targeted industry in June. Virus levels for the Chemical & Pharmaceutical sector were 1 in 509.4 and 1 in 513.8 for the IT Services sector; 1 in 532.8 for Retail, 1 in 130.4 for Education and 1 in 182.3 for Finance.
The June 2011 Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available here.
- June 2011 Symantec Intelligence Report (PDF)
- SlideShare Presentation: June 2011 Symantec Intelligence Report
- Blog Post: Phishing with Wimbledon tickets
- Blog Post: Has The Rustock Botnet Ceased Spamming?
- Symantec.cloud Global Threats
- Symantec.cloud Intelligence Reports
- Symantec.cloud In the News
- Symantec.cloud Podcasts
Connect with Symantec
About Symantec Intelligence Report
This month, for the first time, the Symantec Intelligence report combines the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially business risks. The data used to compile the analysis for this combined report includes data from May and June 2011.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.