Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Symantec Intelligence
Showing posts tagged with Evolution of Security
Showing posts in English
MarissaVicario | 30 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

Happy New Year! The uncertainty of what 2010 will bring news-wise is exactly what makes the spam landscape, well, interesting and unpredictable. Although we can predict general threat trends as we have in our 2010 Security Predictions, we can never foresee spam’s entire future which makes everyday a virtual crap-shoot – to an extent – for our MessageLabs Intelligence Team.

Let’s take a look back at the events that shaped the 2009 spam landscape:

The global credit crisis and the election of US President Barack Obama provided two major themes to much of the spam blocked in early 2009. Other events, festivities and news stories also contributed to many spam themes in 2009, including:

•    St. Valentine’s Day on...

Paul Wood | 17 Dec 2009 | 1 comment

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

MP3 Spam Returns to Attract Recipients to Canadian Pharmacy Website

I remember the excitement in the MessageLabs anti-spam team when the first spam with an MP3 file was intercepted, back on 18 October 2007.  At that time we were watching particularly carefully for the appearance of new file types in spam.  Image spam had been huge over the Summer of 2007, especially images containing randomised pixels (an attempt to bypass traditional signature-based detection).  Later in the same year, PDF files were also being used as well as some other file types that hadn’t been seen in spam before.  At that time it seemed as though spammers were keen to explore the use of new attachment types; anything to keep their spam runs varied and shifting. 

Today of course, we still see various file formats being used in spam messages, but not nearly...

MarissaVicario | 11 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

I never like to dwell on the past. But as I reflect more on what an eventful year 2009 has been, there are some highlights worth noting. I don’t look at it as dwelling as much as I do learning from the past to further build and tone our Intelligence muscle.

Based on the MessageLabs Intelligence 2009 Annual Security Report, below are the security highlights of 2009.

2009 Highlights

Notable ISP Shutdowns : The shutdown of botnet hosting ISPs, such as McColo in late 2008 and Real Host in August 2009 appeared to make botnets re-evaluate and enhance their command and control backup strategy to enable recovery to take hours, rather than weeks or months.

Botnets Ruled the Threat Landscape: Botnets continued to rule the cyber security landscape...

Paul Wood | 19 Nov 2009 | 0 comments

This post is made on behalf of my colleague Mat Nisbet, Malware Analyst for Symantec Hosted Services.

As of November 18, we have noticed a huge jump in the number of spam e-mails that contain a link to Twitter. Normally there is a tiny fraction of a percent, but on November 18 it jumped to 4 percent of all spam. This new surge is entirely from the DonBot botnet.


The apparent aim of these e-mails is to get people to fall for “get rich by working at home” schemes where the victim is encouraged to pay an initial fee for a trial and then sit back and watch the cash come in. Though easily stopped by us, this new run of spam uses a number of techniques to attempt to get past basic filters. Firstly, the body of the e-mail is simply an image (of a fake newspaper article), to try and get past text-based signatures.


Paul Wood | 18 Nov 2009 | 1 comment

This week I had the pleasure of sitting on a panel with some of the best and the brightest among my Symantec colleagues to reflect on 2009’s threat landscape and what we anticipate for the year ahead.

We concurred that what we’ve seen this year was ugly. Botnets prevailed and took over as a primary means of spamming and spreading malware and social engineering attacks became more sophisticated. But what we also know is that this year pales in comparison to what 2010 is expected to bring: fast flux botnets will dominate, IM spam will rear its head, rogue security software vendors will up their game, fraud targeted at social networking apps will grow, new CAPTCHA bypass techniques will emerge... to name a few.

That’s the bad news. The good news is that with a bit of preparation and the right security solutions in place, we can continue to outsmart the bad guys. So without further ado, I present to you Symantec’s 2010 Security Predictions.

Paul Wood | 14 Oct 2009 | 0 comments

This post is made on behalf of my colleague Manoj Venugopalan, Malware Analyst for Symantec Hosted Services.

AutoIT, a free automation language for Windows platform-based development, is often used for scripting Windows-based applications and sometimes misused for creating malware. AutoIT scripts can be compiled into a compressed, standalone executable which will run without an interpreter. Auto2Exe is the application used to compile the AutoIT script into a standalone executiable.

Most of the malware based on AutoIT is in the form of worms and Trojans. Many such worms are well-known for logging into a user's IM client, changing their status message and then sending copies of the malware to all of the "buddies" in the victim's list.

MessageLabs Intelligence recently discovered an AutoIT Trojan using IRC (online chat) to connect an infected machine to a command and control channel without the user's knowledge. The malware is...

Paul Wood | 06 Oct 2009 | 0 comments

Further analysis of Rustock reveals some interesting insights regarding how it seems to have settled into a remarkably predictable pattern of spamming in the last few months - so regular that it may be possible to set your watch by it!  Every day at 8 a.m. GMT (3 a.m. ET) it begins to send out spam emails, continuing throughout the day, peaking at about midday GMT (7 a.m. ET), and then ceasing spamming at midnight GMT (7 p.m. ET).  It then rests for about eight hours, before the cycle begins again the following day.

Figure 1  - Rustock's New, Regular Spamming Pattern

Figure 2 - Typical Spam Output from Cutwail

This pattern of spamming for Rustock (Figure 1) began around July 6-12, 2009.  Prior to that, Rustock...