Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Symantec Intelligence
Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
MarissaVicario | 21 Jan 2010 | 2 comments

On the heels of having learned that Gumblar infected three Japanese websites late last year, MesageLabs Intelligence has tracked Gumblar’s latest activity which has been heavy over the past few days, especially on 17 January when it represented 25 percent of all malicious blocks.  Generally in January we have seen a small number of blocks each day: average blocks per day 46 (2.3 percent of malicious blocks).


Gumblar: malicious sites blocked by MessageLabs

Some general statistics

•    Since Feb 2009 MessageLabs Intelligence has made 36926 blocks of Gumblar on 4930 URLs across 2048 different domains
•    Originally the malware was served up via a malicious site called in April 2009, and the threat was named after that...

MarissaVicario | 15 Jan 2010

On 31 December 2009 MessageLabs Intelligence began tracking a new botnet, named 'Lethic'. At that time, it accounted for 2.5 percent of all spam. On 1 January 2010 it rose to just under 4 percent of all spam and carried on at roughly around that level for another six days. On 8 January, it peaked at 5.25 percent of all spam (which is around 5.25 billion spam globally per day), then over the next 2 days its traffic dropped off to nothing and has yet to return.

The last spam MessageLabs Intelligence tracked from Lethic was received on the 9 January. This drop off is due to community action by Neustar and several ISPs and seems to have effectively 'killed' Lethic.

lethic stats.gif

The spam Lethic has been sending is roughly an even mix of Pharma (all linking to Canadian pharmacy websites as usual) and replica watches. The pharma websites linked to are all hosted in Beijing, the replica watch...

MarissaVicario | 30 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

Happy New Year! The uncertainty of what 2010 will bring news-wise is exactly what makes the spam landscape, well, interesting and unpredictable. Although we can predict general threat trends as we have in our 2010 Security Predictions, we can never foresee spam’s entire future which makes everyday a virtual crap-shoot – to an extent – for our MessageLabs Intelligence Team.

Let’s take a look back at the events that shaped the 2009 spam landscape:

The global credit crisis and the election of US President Barack Obama provided two major themes to much of the spam blocked in early 2009. Other events, festivities and news stories also contributed to many spam themes in 2009, including:

•    St. Valentine’s Day on...

MarissaVicario | 21 Dec 2009 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

Symantec Hosted Web Security Service blocks millions of web requests every day to protect employees from content that is either against company policy, or malicious.  In a typical week Messagelabs Intelligence performs 50 million blocks on 10 million distinct URLs for several thousand clients.  That’s tens of thousands of blocks per client per week.  

99.95% of blocked URLs are policy based. Of these, by far the greatest proportion is for advertising, mostly pop-up ads or auto-forwarding to ads.  Also, Messagelabs Intelligence blocks sites related to Games, Chat, Personals & Dating, Adult/Sexually Explicit material, Violence, Tasteless & Offensive material, Weapons, Criminal Activity, Gambling, Illegal Drugs and so on.  Clients have full control over what they consider to be against company policy.  Each day, roughly 39% of clients have...

MarissaVicario | 14 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

Without a doubt, 2009 was the Year of the Botnet. As reported in the MessageLabs Intelligence Annual Report, by the end of 2009, 83.4 percent of spam originated from botnets. While each botnet varies in size and has its own unique characteristics and capabilities, one thing they share in common is the ability to spam in large quantities.

With approximately 151 billion unsolicited messages each day being distributed by compromised computers, understanding who is responsible for such unprecedented levels is always of interest to MessageLabs Intelligence, much like the threat landscape, the botnet landscape is ever changing.
The top botnets of 2009 are listed in this table with two recent newcomers – Maazben and Festi.


MarissaVicario | 11 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

I never like to dwell on the past. But as I reflect more on what an eventful year 2009 has been, there are some highlights worth noting. I don’t look at it as dwelling as much as I do learning from the past to further build and tone our Intelligence muscle.

Based on the MessageLabs Intelligence 2009 Annual Security Report, below are the security highlights of 2009.

2009 Highlights

Notable ISP Shutdowns : The shutdown of botnet hosting ISPs, such as McColo in late 2008 and Real Host in August 2009 appeared to make botnets re-evaluate and enhance their command and control backup strategy to enable recovery to take hours, rather than weeks or months.

Botnets Ruled the Threat Landscape: Botnets continued to rule the cyber security landscape...

MarissaVicario | 08 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

A few weeks ago, when Symantec announced our 2010 Predictions, I stated in my accompanying blog post that what we’ve seen this year was ugly (highlight with link to post). As I’ve worked with my team to draft the MessageLabs Intelligence Annual Security Report, I now realize that was an understatement. What we’ve  seen this year is in fact horrendous. But nevertheless, it keeps us on our toes as we scan billions of messages and web connections each week.

While we’re always prepared for the worst, we can only anticipate what that may be. Looking back on it all in aggregation, is always a stern reminder that the bad guys are capable of more than we often give them credit for.

In 2009, we stopped more than 21 million different types of spam...