Symantec Intelligence
Showing posts tagged with Security Risks
Showing posts in English
MarissaVicario | 21 Jan 2010 | 2 comments

On the heels of having learned that Gumblar infected three Japanese websites late last year, MessageLabs Intelligence has tracked Gumblar’s latest activity, which has been heavy over the past few days, especially on 17 January when it represented 25 percent of all malicious blocks. Generally in January we have seen a small number of blocks each day: on average 46 blocks per day (2.3 percent of malicious blocks).

[Figure: Gumblar: malicious sites blocked by MessageLabs]

Some general statistics

•    Since Feb 2009 MessageLabs Intelligence has made 36926 blocks of Gumblar on 4930 URLs across 2048 different domains
•    Originally the malware was served up via a malicious site called gumblar.cn in April 2009, and the threat was named after that...

Paul Wood | 20 Jan 2010 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

The Haiti earthquake happened at 21.53 GMT on Tues Jan 12. It wasn’t long before we saw something related in spam, about 24 hours in fact.

Spammers, almost without fail, produce spam campaigns containing text relating to virtually every major newsworthy event that is going on, and also to plenty of events in the news that are not particularly global, exciting or sometimes even interesting. The approaches that spammers frequently use when newsworthy events arise include:

1.    Spammers may just continue to send the same old spam campaigns, Pharmaceuticals, fertility drugs, watches or whatever.  But, if they include the latest news headlines in the subject or somewhere in the body, this works to grab the attention of the recipients and make it more likely they will open the spam and get drawn into whatever the...

MarissaVicario | 15 Jan 2010

On 31 December 2009 MessageLabs Intelligence began tracking a new botnet, named 'Lethic'. At that time, it accounted for 2.5 percent of all spam. On 1 January 2010 it rose to just under 4 percent of all spam and carried on at roughly around that level for another six days. On 8 January, it peaked at 5.25 percent of all spam (which is around 5.25 billion spam globally per day), then over the next 2 days its traffic dropped off to nothing and has yet to return.

The last spam MessageLabs Intelligence tracked from Lethic was received on 9 January. This drop-off is due to community action by Neustar and several ISPs and seems to have effectively 'killed' Lethic.

[Figure: Lethic spam statistics]

The spam Lethic has been sending is roughly an even mix of Pharma (all linking to Canadian pharmacy websites as usual) and replica watches. The pharma websites linked to are all hosted in Beijing, the replica watch...

Paul Wood | 14 Jan 2010

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

People all over the world are currently feeling a great deal of sympathy for the people of Haiti, who were recently hit by a severe earthquake. Humanitarian aid is being offered by many countries around the globe, and aid charities are looking for donations so that they can send all the help they can.
And then there are people who don’t want to help and will use any means to try and get those donations. '419' advance fee fraud scams are common and the perpetrators are always looking for new attention-grabbing topics which will trick people into handing over their money. Something like the humanitarian crisis of the Haiti earthquake is, sadly, a prime target for these scammers. They count on the public’s good nature, concern, and desire to help, and hope that they won’t see through the scam email which they are reading. The desire to help...

Paul Wood | 14 Jan 2010 | 0 comments

This post is made on behalf of Nicholas Johnston, Senior Anti-Spam Engineer, Symantec Hosted Services.

Earlier today we saw a 419 or advance fee fraud scam claiming to be sent by Hassan Ali Abdul Mutallab, the brother of Umar Farouk Abdul Mutallab, who allegedly attempted to blow up Northwest Airlines flight 253 over Detroit on Christmas Day.

The message (see screenshot) has a subject of "Take my Salaam and respect", and the scammer purporting to be Umar Farouk Abdul Mutallab's brother claims he is looking for a "Muslim brother/sister" to help retrieve funds belonging to the alleged bomber. Without replying to the scammer it's impossible to be sure exactly how the scam works, but we have every suspicion that it operates like most 419 scams. Before the non-existent money can be released, various increasingly inventive fees and charges have to be paid. These fees continue until the victim of the scam eventually realizes that they have no chance...

MarissaVicario | 23 Dec 2009 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

Globally, for the past month, spam accounts for roughly 75 percent of all email in circulation. And about 75 percent of that spam is sent from one of the ten to 20 heavyweight botnets, which are huge networks of infected PCs, in some cases more than 1 million strong, sending spam 24/7. The remaining 25 percent of spam is sent via some other technique such as:

•    spam sent manually/automatically in large volumes using possibly thousands of newly generated, automatic CAPTCHA-broken, free webmail accounts

•    spam sent manually/automatically using a compromised private webmail account e.g. a company webmail, university webmail etc

•    spam sent manually/automatically using servers with a weak SMTP AUTH password, which the spammers have guessed

•    spam sent manually/automatically...


MarissaVicario | 21 Dec 2009 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

Symantec Hosted Web Security Service blocks millions of web requests every day to protect employees from content that is either against company policy, or malicious. In a typical week MessageLabs Intelligence performs 50 million blocks on 10 million distinct URLs for several thousand clients. That’s tens of thousands of blocks per client per week.

99.95% of blocked URLs are policy based. Of these, by far the greatest proportion is for advertising, mostly pop-up ads or auto-forwarding to ads. MessageLabs Intelligence also blocks sites related to Games, Chat, Personals & Dating, Adult/Sexually Explicit material, Violence, Tasteless & Offensive material, Weapons, Criminal Activity, Gambling, Illegal Drugs and so on. Clients have full control over what they consider to be against company policy. Each day, roughly 39% of clients have...

MarissaVicario | 16 Dec 2009 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

“Pump-and-dump” stock spamming is a technique that has been around for a long time now, where spammers attempt to artificially raise the price of a particular company’s shares. It was extremely popular throughout 2007 and the early part of 2008, but after that it dropped off to almost nothing. However, on 14 December it returned in large volumes, being sent out by the Donbot botnet. Throughout 2009 there has been very little ‘stock spam’, but when Donbot ramped up its activity on December 14, pump-and-dump scams shot up to over 4.5% of spam for that day, which is an estimated 5 billion messages globally (based on the Symantec average daily spam volume estimate for 2009), in just one day.

[Figure: pump-and-dump stock spam volume, 14 December 2009]

The purpose of these “pump-and-dump” emails...

MarissaVicario | 14 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

Without a doubt, 2009 was the Year of the Botnet. As reported in the MessageLabs Intelligence Annual Report, by the end of 2009, 83.4 percent of spam originated from botnets. While each botnet varies in size and has its own unique characteristics and capabilities, one thing they share in common is the ability to spam in large quantities.

With approximately 151 billion unsolicited messages each day being distributed by compromised computers, understanding who is responsible for such unprecedented levels is always of interest to MessageLabs Intelligence. Much like the threat landscape, the botnet landscape is ever changing.
The top botnets of 2009 are listed in this table with two recent newcomers – Maazben and Festi.

...