Symantec Intelligence
Showing posts tagged with Malware
Paul Wood | 06 Dec 2011 | 1 comment

Global spam is now at the lowest it has been since November 2008, when the rogue ISP McColo was closed down. The effect on spam volumes back then was very dramatic, and spam accounted for 68.0% of global emails. More recently the decline has been much slower, but spammers have also adapted to using more targeted approaches and exploiting social media as alternatives to email. Moreover, pharmaceutical spam is now at the lowest it has been since we started tracking it, accounting for 35.5% of spam, compared with 64.2% at the end of 2010.

With targeted attacks and advanced persistent threats being very much in the news this year, we thought that, as the end of the year draws closer, it would be a good time to begin our review of targeted attacks and look more closely at what have been described as “advanced persistent threats”, or APTs for short. Terms such as APT have been overused and sometimes misused by the media, but APTs are a real threat to some companies and...

Paul Wood | 27 Apr 2011 | 0 comments

Posted on behalf of Martin Lee, Senior Software Engineer, Symantec.cloud

Targeted attacks are bespoke pieces of malware that are sent to email addresses that appear to have been specially selected by the attacker. In this way they differ from the rest of email malware, which is sent in large numbers without apparent regard to the recipient. Non-targeted attacks appear to be designed to infect as many computers as possible, whereas targeted attacks appear to be designed to attack the computers of specifically targeted individuals, presumably either to extract information that is valuable to the attacker or to act as a launching pad for further attacks within an organisation.

The targeted malware itself often exploits zero-day or the most recent vulnerabilities. The low copy numbers in which this malware is sent and its sophistication mean that it is often not detected by traditional anti-virus techniques and...

Paul Wood | 15 Apr 2011 | 0 comments

Posted on behalf of Mat Nisbet, Malware Analyst, Symantec.cloud

On the 16th of March, Rustock, the largest of the spamming botnets, was taken down. As you would expect, global spam levels started to drop, as can be seen when you look at the number of mails being delivered to one of our spamtraps.

However, on the 26th of March we saw a large increase in the amount of data traffic hitting our spamtraps, despite the number of actual emails continuing to decline.

Investigation revealed that the reason for this was that the Cutwail botnet had started sending many more emails with zip file attachments than normal, meaning the average size of each mail was much higher than normal. The chart below shows that there have been a couple of spikes in early March, which may have...

Paul Wood | 06 Apr 2011 | 0 comments

Posted on behalf of Jason Zhang and Joseph Rabaiotti, Malware Research Analysts, Symantec.cloud

Portable document format (PDF) is one of the most commonly used file formats with which to exchange electronic documents across platforms and applications. Because of its popularity, it has been heavily used in both targeted and non-targeted attacks, as reported by the MessageLabs Intelligence Monthly Report (PDF) in February 2011 and a blog post in January 2011. According to the report, PDFs now account for a larger proportion of document-based targeted attacks; in 2009 approximately 52.6% of targeted attacks used PDF exploits, compared with 65.0% in 2010.

In 2011, we have seen no sign of this trend slowing down; more recently, the attacks have widened to include...