Symantec Intelligence
MarissaVicario | 23 Dec 2009 | 4 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

Globally, for the past month, spam has accounted for roughly 75 percent of all email in circulation. About 75 percent of that spam is sent from one of the 10 to 20 heavyweight botnets, which are huge networks of infected PCs, in some cases more than 1 million strong, sending spam 24/7. The remaining 25 percent of spam is sent via some other technique such as:

•    spam sent manually/automatically in large volumes using possibly thousands of newly generated, automatic CAPTCHA-broken, free webmail accounts
•    spam sent manually/automatically using a compromised private webmail account, e.g. a company webmail, university webmail, etc.
•    spam sent manually/automatically using servers with a weak SMTP AUTH password, which the spammers have guessed
•    spam sent manually/automatically via...

MarissaVicario | 21 Dec 2009 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

Symantec Hosted Web Security Service blocks millions of web requests every day to protect employees from content that is either against company policy or malicious. In a typical week MessageLabs Intelligence performs 50 million blocks on 10 million distinct URLs for several thousand clients. That’s tens of thousands of blocks per client per week.

99.95% of blocked URLs are policy based. Of these, by far the greatest proportion is for advertising, mostly pop-up ads or auto-forwarding to ads. MessageLabs Intelligence also blocks sites related to Games, Chat, Personals & Dating, Adult/Sexually Explicit material, Violence, Tasteless & Offensive material, Weapons, Criminal Activity, Gambling, Illegal Drugs and so on. Clients have full control over what they consider to be against company policy. Each day, roughly 39% of clients have...

Paul Wood | 17 Dec 2009 | 1 comment

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

MP3 Spam Returns to Attract Recipients to Canadian Pharmacy Website

I remember the excitement in the MessageLabs anti-spam team when the first spam with an MP3 file was intercepted, back on 18 October 2007.  At that time we were watching particularly carefully for the appearance of new file types in spam.  Image spam had been huge over the Summer of 2007, especially images containing randomised pixels (an attempt to bypass traditional signature-based detection).  Later in the same year, PDF files were also being used as well as some other file types that hadn’t been seen in spam before.  At that time it seemed as though spammers were keen to explore the use of new attachment types; anything to keep their spam runs varied and shifting. 

Today of course, we still see various file formats being used in spam messages, but not nearly...

MarissaVicario | 16 Dec 2009 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

“Pump-and-dump” stock spamming, in which spammers attempt to artificially raise the price of a particular company’s shares, is a technique that has been around for a long time. It was extremely popular throughout 2007 and the early part of 2008, but after that it dropped off to almost nothing. However, on 14 December it returned in large volumes, sent out by the Donbot botnet. Throughout 2009 there has been very little ‘stock spam,’ but when Donbot ramped up its activity on December 14, pump-and-dump scams shot up to over 4.5% of spam for that day, an estimated 5 billion messages globally (based on the Symantec average daily spam volume estimate for 2009) in just one day.


The purpose of these “pump-and-dump” emails...

MarissaVicario | 14 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

Without a doubt, 2009 was the Year of the Botnet. As reported in the MessageLabs Intelligence Annual Report, by the end of 2009, 83.4 percent of spam originated from botnets. While each botnet varies in size and has its own unique characteristics and capabilities, one thing they share in common is the ability to spam in large quantities.

With approximately 151 billion unsolicited messages each day being distributed by compromised computers, understanding who is responsible for such unprecedented levels is always of interest to MessageLabs Intelligence. Much like the threat landscape, the botnet landscape is ever changing.
The top botnets of 2009 are listed in this table with two recent newcomers – Maazben and Festi.


MarissaVicario | 11 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

I never like to dwell on the past. But as I reflect more on what an eventful year 2009 has been, there are some highlights worth noting. I don’t look at it as dwelling as much as I do learning from the past to further build and tone our Intelligence muscle.

Based on the MessageLabs Intelligence 2009 Annual Security Report, below are the security highlights of 2009.

2009 Highlights

Notable ISP Shutdowns: The shutdown of botnet-hosting ISPs, such as McColo in late 2008 and Real Host in August 2009, appeared to make botnets re-evaluate and enhance their command and control backup strategy to enable recovery to take hours, rather than weeks or months.

Botnets Ruled the Threat Landscape: Botnets continued to rule the cyber security landscape...

Daren Lewis | 09 Dec 2009 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst

Financial organizations undergo frequent changes from the point of view of their customers, whether it’s a change to security processes, takeovers, re-branding, new products and so on.  Phish emails often contain generic messages like ‘Account Suspended’ or ‘Update your account details’, but when a change such as this takes place, the perpetrators of the attacks are quick to react and try to convince unfortunate victims to part with their login details.  Attackers know that if they refer to things in the message that customers are familiar with, perhaps from real communications with the imitated organisation, then the target is slightly more likely to fall into the trap, and part with their precious personal details.  For example, last year, with the credit crisis in full swing, and banks closing, re-branding, being taken over, MessageLabs...

MarissaVicario | 08 Dec 2009 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

A few weeks ago, when Symantec announced our 2010 Predictions, I stated in my accompanying blog post that what we’ve seen this year was ugly. As I’ve worked with my team to draft the MessageLabs Intelligence Annual Security Report, I now realize that was an understatement. What we’ve seen this year is in fact horrendous. But nevertheless, it keeps us on our toes as we scan billions of messages and web connections each week.

While we’re always prepared for the worst, we can only anticipate what that may be. Looking back on it all in aggregation is always a stern reminder that the bad guys are capable of more than we often give them credit for.

In 2009, we stopped more than 21 million different types of spam...

Paul Wood | 19 Nov 2009 | 0 comments

This post is made on behalf of my colleague Mat Nisbet, Malware Analyst for Symantec Hosted Services.

As of November 18, we have noticed a huge jump in the number of spam e-mails that contain a link to Twitter. Normally there is a tiny fraction of a percent, but on November 18 it jumped to 4 percent of all spam. This new surge is entirely from the DonBot botnet.


The apparent aim of these e-mails is to get people to fall for “get rich by working at home” schemes where the victim is encouraged to pay an initial fee for a trial and then sit back and watch the cash come in. Though easily stopped by us, this new run of spam uses a number of techniques to attempt to get past basic filters. Firstly, the body of the e-mail is simply an image (of a fake newspaper article), to try and get past text-based signatures.


Paul Wood | 18 Nov 2009 | 1 comment

This week I had the pleasure of sitting on a panel with some of the best and the brightest among my Symantec colleagues to reflect on 2009’s threat landscape and what we anticipate for the year ahead.

We concurred that what we’ve seen this year was ugly. Botnets prevailed and took over as a primary means of spamming and spreading malware, and social engineering attacks became more sophisticated. But what we also know is that this year pales in comparison to what 2010 is expected to bring: fast flux botnets will dominate, IM spam will rear its head, rogue security software vendors will up their game, fraud targeted at social networking apps will grow, new CAPTCHA bypass techniques will emerge... to name a few.

That’s the bad news. The good news is that with a bit of preparation and the right security solutions in place, we can continue to outsmart the bad guys. So without further ado, I present to you Symantec’s 2010 Security Predictions.