Symantec Intelligence
Showing posts tagged with Email
Paul Wood | 14 Oct 2009 | 0 comments

This post is made on behalf of my colleague Manoj Venugopalan, Malware Analyst for Symantec Hosted Services.

AutoIT, a free automation language for Windows platform-based development, is often used for scripting Windows-based applications and sometimes misused for creating malware. AutoIT scripts can be compiled into a compressed, standalone executable which will run without an interpreter. Aut2Exe is the application used to compile the AutoIT script into a standalone executable.

Most of the malware based on AutoIT is in the form of worms and Trojans. Many such worms are well-known for logging into a user's IM client, changing their status message and then sending copies of the malware to all of the "buddies" in the victim's list.

MessageLabs Intelligence recently discovered an AutoIT Trojan using IRC (online chat) to connect an infected machine to a command and control channel without the user's knowledge. The malware is...

Paul Wood | 06 Oct 2009 | 0 comments

Further analysis of Rustock reveals some interesting insights regarding how it seems to have settled into a remarkably predictable pattern of spamming in the last few months - so regular that it may be possible to set your watch by it!  Every day at 8 a.m. GMT (3 a.m. ET) it begins to send out spam emails, continuing throughout the day, peaking at about midday GMT (7 a.m. ET), and then ceasing spamming at midnight GMT (7 p.m. ET).  It then rests for about eight hours, before the cycle begins again the following day.

Figure 1  - Rustock's New, Regular Spamming Pattern

Figure 2 - Typical Spam Output from Cutwail

This pattern of spamming for Rustock (Figure 1) began around July 6-12, 2009.  Prior to that, Rustock...

Daren Lewis | 29 Sep 2009 | 0 comments

Botnets are now responsible for distributing 87.9% of all spam, an increase of 2.9% since Q2 2009. With approximately 151 billion unsolicited messages each day being distributed by compromised computers, understanding who is responsible for such unprecedented levels is always of interest as, much like the threat landscape, the botnet landscape is ever changing. As highlighted in the latest analysis from MessageLabs Intelligence, the largest botnet now appears to be Rustock with an estimated 1.3 million to 1.9 million compromised computers in its control. However, estimated at half Rustock’s size, the most active botnet in terms of spam distribution is now the little-known botnet, Grum.

Both Grum and another botnet called Bobax have overtaken Cutwail as the most active spam-sending botnets, currently responsible for 23.2% and 15.7% of all spam respectively. Although significant in their own right, their size and power highlight the dominance that Cutwail had in June...

Daren Lewis | 25 Sep 2009 | 0 comments

We've taken a closer look at spam on a regional/city basis in five large markets for September 2009. Just as we see differences in spam rates between countries, we often see significant differences within countries:

  • The areas that are subjected to the highest levels of spam are generally those locations that are populated with a higher density of small-to-medium sized businesses. Similarly, the least spammed places are often home to some of the largest companies.
  • Between four million and six million computers scattered across the globe have been compromised by cybercriminals without the user’s knowledge. These computers now form robotic networks (botnets), which are controlled by cybercriminals and used to send out more than 87% of all unsolicited mail, equating to approximately 151 billion emails a day.
  • The global spam rate for September 2009 is 86.4 percent, but Canadian businesses are receiving more than their fair share, with levels...