Symantec Intelligence
Showing posts tagged with Online Backup
Showing posts in English
Daren Lewis | 15 Sep 2009 | 0 comments

For the bad guys, it can be a costly exercise to produce new families of malware in order to maintain their criminal activity at sufficient levels. Registering new domains is much more economical for them, and by spreading the malware across as many different websites and domains as possible, the longevity of each new piece of malware is increased. With server-side polymorphism, the same family of malware code may be packaged differently into new strains, automatically and dynamically, each time it is accessed. This requires a different anti-virus signature each time in order to detect it accurately. These approaches, combined with the use of “bullet-proof” hosting services and “fast-flux” hosting, mean that criminals can ensure that malicious websites are not taken down quickly in response to complaints.

In many cases, organized criminals have highly automated techniques in place that require little or no monitoring, and their systems are...

Daren Lewis | 15 Sep 2009 | 0 comments

In early August, a number of very well-known social networking websites were reported to be victims of distributed denial of service (DDoS) attacks. The attacks appear to be linked with a “Joe Job” style spam run against an anti-Russian blogger. A “Joe Job” is a spam technique that spoofs the From: email address using a real email address (i.e. an unsuspecting victim) to make it appear as though that person was responsible for the email.

The spam run, as far as MessageLabs Intelligence can determine, was estimated at less than one percent of all spam at that time and distributed from a currently unclassified botnet. The run was significantly smaller compared with some of the more recent spam runs, such as the URL-shortening attacks from Donbot.  

Although it is presumed that this spam run contributed to the DDoS attacks on these social networking websites, it is unlikely that this run alone could have caused all the reported disruption,...

Daren Lewis | 15 Sep 2009 | 0 comments

Over the past two months, MessageLabs Intelligence has been tracking the rise of URL-shortening services appearing in spam emails. With so many of these legitimate services available on the internet, many are being routinely abused by spammers, so much so that many have been forced to close, leaving users with indignant messages explaining why, for example in Figure 1 and Figure 2, below.

Figure 1 - URL shortening website abused by spammers

Figure 2 - URL shortening website temporarily closed due to spam abuse

Spam runs containing many new shortened URLs continued through July and August, with a peak of activity on 26 July at 9.25% of all spam, equivalent to more than 10 billion spam messages per day worldwide. This can be seen in Figure 3.


Daren Lewis | 15 Sep 2009 | 0 comments

Real Host, an ISP based in Riga, Latvia, was alleged to be linked to command-and-control servers for infected botnet computers, as well as being linked to malicious websites, phishing websites and “rogue” anti-virus products. Real Host was disconnected by its upstream providers on 1 August 2009. The impact was immediately felt, as can be seen in Figure 1, where spam volumes dropped briefly by as much as 38% in the subsequent 48-hour period.

Much of this spam was linked to the Cutwail botnet, currently one of the largest botnets and responsible for approximately 15-20% of all spam. Its activity levels fell by as much as 90% when Real Host was taken offline, but quickly recovered in a matter of days.

Figure 1 shows the relative proportion of spam originating from the five major botnets globally during the period of this attack: Cutwail, Xarvester, Rustock, Mega-D, and Donbot. The scale used is a relative index based on the relative volumes and...

Daren Lewis | 15 Sep 2009 | 0 comments

The most common trigger for policy-based filtering applied by the MessageLabs Web Security Service for its business clients was the “Advertisements & Popups” category, down by 2.07% since July, to 58.03% in August.

Analysis of web security activity shows that 45.4% of all web-based malware intercepted was new in August, an increase of 44.7% since July, and 19.5% of web-based spyware was new, a 0.01% decrease since the previous month.

An average of 3,510 websites per day were identified as harboring malware and other potentially unwanted programs such as spyware and adware; a decrease of 2.9% since July.

The chart below shows the increase in the number of new spyware and adware websites blocked each day on average during August compared with the equivalent number of web-based malware websites blocked each day.


Daren Lewis | 15 Sep 2009 | 0 comments

Spam: In August 2009, the global ratio of spam in email traffic was down by 0.9% from the previous month at 88.5% (1 in 1.13 emails).

Hong Kong was the most spammed country in August, although levels fell by 0.8% to 93.4%. Spam levels in the US and Canada rose to 89.5% and 88.7% respectively. The majority of other countries saw a decline in August, with levels in the UK falling to 91.6%, Germany to 90.4%, France to 90.7%, and The Netherlands to 86.3%. Levels in Australia and Japan declined to 90.6% and 89.2% respectively.

Anti-Virus and Trojans: The global ratio of email-borne viruses in email traffic was 1 in 296.6 emails (0.34%) in August, almost unchanged since July.

In August, 14.8% of email-borne malware contained links to malicious websites, a decrease of 0.4% since July. Spoofed postcard mails were responsible for 21.3...

Daren Lewis | 14 Sep 2009 | 0 comments

Welcome to the new MessageLabs Intelligence blog. For a decade the MessageLabs team has been protecting our clients against internet threats. With services across multiple communication channels – email, IM and web – we see billions of connections per day and have a unique view of the challenges of conducting your business online. Now as part of Symantec we will be highlighting our understanding of the threat landscape, emerging threats and other business challenges that our hosted services address. We will also give you insight into our plans to help our clients deal with these issues through enhancements to our existing services and new innovations.