Symantec Intelligence
Showing posts tagged with Email Security.cloud
Showing posts in English
Paul Wood | 04 Jul 2011 | 0 comments

Today – Monday 4th July – is notable not just because it is Independence Day in the US, but also because it marks another important anniversary for the technology industry in particular. Fifteen years ago, on 4th July 1996, entrepreneurs Sabeer Bhatia and Jack Smith officially launched the first free web-based email system Hotmail, choosing the day deliberately to symbolise freedom from ISP-based email. In 1997, Microsoft acquired Hotmail for an estimated $400m and turned it into the world’s largest web-based email service with over 350 million users operating in 36 different languages.

The mass adoption of Hotmail, and subsequently rival web-based email tools such as Gmail and Yahoo! Mail, is significant for a couple of reasons. Firstly, over a number of years it has successfully transformed email from a largely professional, ‘grown up’ tool, into a free, mainstream, consumer-friendly way of communicating, accessible to, and enthusiastically...

Paul Wood | 28 Jun 2011 | 2 comments

Welcome to the June edition of the Symantec Intelligence report, which for the first time combines the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks.

Since the shutdown of the Rustock botnet in March, spam volumes have never quite recovered as the volume of spam in global circulation each day continues to fluctuate, as shown in figure 1, below.

The overall impact has been that spam now accounts for 72.9% of email in June, returning to the same level as in April earlier this year. In June, 76.6% of this spam was being sent from botnets, compared with 83.1% in March. This marks a return to the same level of output as at the end of 2010...

Paul Wood | 27 Apr 2011 | 0 comments

Posted on behalf of Martin Lee, Senior Software Engineer, Symantec.cloud

Targeted attacks are bespoke pieces of malware that are sent to email addresses that appear to have been specially selected by the attacker. In this way they differ from the rest of email malware, which is sent in large numbers without apparent regard to the recipient. In this way non-targeted attacks appear to be designed to infect as many computers as possible, whereas targeted attacks appear to be designed to attack the computers of specifically targeted individuals, presumably either to extract information that is valuable to the attacker or to act as a launching pad for further attacks within an organisation.

The targeted malware itself often exploits ‘0’ day or the most recent vulnerabilities. The low copy-numbers in which these malwares are sent and their sophistication mean that they are often not detected by traditional anti-virus techniques and require...

Paul Wood | 15 Apr 2011 | 0 comments

Posted on behalf of Mat Nisbet, Malware Analyst, Symantec.cloud

On the 16th of March Rustock, the largest of the spamming botnets, was taken down. As you would expect, global spam levels started to drop, as can be seen when you look at the number of mails being delivered to one of our spamtraps.

However, on the 26th March we saw a large increase in the amount of data traffic hitting our spamtraps, despite the number of actual emails continuing to decline.

Investigation revealed that the reason for this was that the Cutwail botnet had started sending many more emails with zip file attachments than normal, meaning the average size of each mail was much higher than normal. The chart below shows that there have been a couple of spikes in early March, which may have...

Paul Wood | 06 Apr 2011 | 0 comments

Posted on behalf of Jason Zhang and Joseph Rabaiotti, Malware Research Analysts, Symantec.cloud

Portable document format (PDF) is one of the most commonly used file formats with which to exchange electronic documents across platforms and applications. Because of its popularity, it has been heavily used in both targeted and non-targeted attacks, as reported by MessageLabs Intelligence Monthly Report (PDF) in February 2011 and a blog post in January 2011. According to the report, PDFs now account for a larger proportion of document-based targeted attacks; in 2009 approximately 52.6% of targeted attacks used PDF exploits, compared with 65.0% in 2010.

In 2011, we have seen no sign of this trend slowing down; more recently the attacks have widened to include sophisticated...

MarissaVicario | 04 Apr 2011 | 0 comments
 

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec.cloud

Every year tax season is usually exploited by those who seek to make a profit preying on people's trust. Throughout the year MessageLabs Intelligence commonly sees phishing attacks, but there is always an increase around March, as the financial year draws to a close and tax season kicks into full swing.

The chart above shows tax-related phishing as a proportion of all malicious mail (not general spam).

As one can see, there was an increase in traffic in mid February, but even that is less than half of the volume of tax-related scams seen throughout March.

Most of the scams that we are seeing are purporting to be from the UK's tax office, "Her Majesty's Revenue and Customs", or the USA's tax...

Paul Wood | 22 Mar 2011 | 0 comments

On 21 March 2006, Jack Dorsey sent the first ever Twitter message or ‘tweet’ with five simple words “just setting up my twttr”. Five years later, 140 million tweets are sent in a host of different languages every day via the micro-blogging service which boasts over 200 million registered users worldwide and is valued at an estimated $7.7 billion following an auction of shares in March 2011.

Although Twitter’s 100 million messages a day may seem paltry compared to the roughly 66 billion email messages sent each day on average in March 2011 before the Rustock botnet was disrupted (52 billion of which were spam), the prolific growth of micro-blogging platforms...

Paul Wood | 17 Mar 2011 | 0 comments

Posted on behalf of Mat Nisbet, Malware Data Analyst, Symantec.cloud

Brian Krebs posted on KrebsonSecurity a report about the Rustock botnet apparently going quiet yesterday, and spam from the botnet ceasing. I can confirm that at around 15:30 UTC, on 16 March, spam identified as coming from the botnet known as Rustock ceased sending spam, as shown below:

In the chart above, the spike on this chart is actually normal behaviour for Rustock, as can be seen from this next chart, covering a longer time period:

For the last year or so, Rustock has been the dominant source of spam in the world, by the end of 2010 accounting for as much as 47.5% of all spam. At its peak it was...

Paul Wood | 28 Feb 2011 | 1 comment

Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec.cloud

Internationalized Domain Names (IDN) allow domain names to include Arabic, Chinese, Russian, Latin (with diacritics) and many other characters like 寿司 and 한글. It has been possible to include these characters in some domains for several years, but until last year, top-level domains (like .ru for Russia) were not internationalized like this. Several top-level domains now have internationalized versions, for example .рф for Russia.

I recently saw some German pharmacy spam (targeted at Germany, Austria and Switzerland). The spam itself is fairly normal. It promotes erectile dysfunction drugs, and includes links to a popular URL shortening site:

Figure 1 – example of spam email using URL shortening service redirecting to IDN domain

Most of the spam is in German, but it does include...

Paul Wood | 25 Feb 2011 | 0 comments

Posted on behalf of Jo Hurcombe, AV Operations Engineer, Symantec.cloud

Today, I identified a new targeted attack that for the first time makes reference to a discussion on the economic stakes in Libya’s current crisis.

The email itself is very simple and is designed to appear as part of a discussion about the economic stakes in Libya's current crisis, with the sender claiming to agree with points raised in the attached document, as seen in the example given below.

Example of targeted email

The first example of this targeted attack was intercepted by Symantec.cloud on February 24, 2011 at 12:52 GMT. These attacks were targeted in nature and in total 27 individuals were targeted within six organizations. The emails were sent from four separate domains. All of the organizations targeted are involved in promoting human rights, supporting humanitarian...