Sydney – 27 January 2012– Symantec Corp. (Nasdaq: SYMC) today announced the findings of its January Symantec Intelligence Report, which shows that spammers are using holidays and major events to make their mail more appealing.
Symantec Intelligence has seen more than 10,000 unique domain names compromised with a redirect script written in PHP that contains a reference to the New Year in the file name. These redirect scripts were hosted on compromised websites. Links to these were included in spam emails, which were subsequently blocked by Symantec.cloud.
To further entice recipients to open their messages, spammers used additional social engineering techniques by including parameters in the URL to suggest that the destination was a social networking site.
Symantec Intelligence expects to see spammers taking advantage of other upcoming "calendar events" with one of the most important traditional Chinese New Year celebrations starting this week and continuing for several days, as well as the fast-approaching Valentine's Day.
"We also expect to see plenty of spam and malware taking advantage of some of the major upcoming sporting events this year. We are already seeing references to the Summer Olympics in London as part of 419 or advance fee fraud messages," said Paul Wood, senior intelligence analyst, Symantec.
"By relating their messages to widely-celebrated holidays and current events with global interest, spammers and malware authors can (at first glance at least) make their messages more interesting, and increase the chance of recipients visiting spam websites or becoming infected," Wood said.
During December, global spam levels dropped, but in January gradually returned to similar levels as in November 2011, which is still lower than the 2011 average.
Other Report Highlights
Spam: In January 2012, the global ratio of spam in email traffic rose by 1.3 percentage points since December 2011, to 69.0 percent (1 in 1.45 emails). This follows a more noticeable drop in December when spam fell by 2.8 percentage points to 67.7 percent. The recent increase means that spam has almost returned to the same level as in November 2011.
Phishing: In January, the global phishing rate increased by 0.06 percentage points, taking the average to one in 370.0 emails (0.27 percent) that comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 295.0 emails (0.33 percent) in January, a decrease of 0.02 percentage points since December 2011. In January, 29.0 percent of email-borne malware contained links to malicious websites, unchanged since December 2011.
Web-based Malware Threats: January saw an average of 2,102 websites each day harbouring malware and other potentially unwanted programs including spyware and adware; a decrease of 77.4 percent since December 2011.
Endpoint Threats: The most frequently blocked malware for the last month was WS.Trojan.H. WS.Trojan.H is generic cloud-based heuristic detection for files that posses characteristics of an as yet unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.
- Saudi Arabia became the most spammed geography in January; with a spam rate of 75.5 percent.
- China was the second most-spammed with 75.0 percent of email traffic blocked as spam.
- In the US, 69.0 percent of email was spam and 68.7 percent in Canada.
- The spam level in the UK was 69.3 percent.
- In The Netherlands, spam accounted for 70.7 percent of email traffic, 68.2 percent in Germany, 69.1 percent in Denmark and 68.6 percent in Australia.
- In Hong Kong, 67.5 percent of email was blocked as spam and 66.7 percent in Singapore, compared with 65.6 percent in Japan.
- Spam accounted for 69.5 percent of email traffic in South Africa and 73.1 percent in Brazil.
- The Netherlands became the country most targeted for phishing attacks in January, with one in 62.6 emails identified as phishing messages.
- The UK was the second most targeted country, with one in 179.4 emails identified as phishing attacks.
- Phishing levels for the US were one in 1,145 and one in 379.9 for Canada.
- In Germany phishing levels were one in 797.6 and one in 330.9 in Denmark.
- In Australia, phishing activity accounted for one in 542.2 emails and one in 942.9 in Hong Kong; for Japan it was one in 5,692 and one in 1,156 for Singapore.
- In Brazil one in 1,007 emails was blocked as phishing.
- The Netherlands had the highest ratio of malicious emails in January, with one in 61.4 emails identified as malicious.
- The UK had the second highest rate, with one in 169.1 emails identified as malicious.
- In South Africa, one in 305.9 emails was blocked as malicious.
- The virus rate for email-borne malware in the US was one in 592.5 and one in 285.4 in Canada.
- In Germany virus activity reached one in 471.7 and one in 318.1 in Denmark.
- In Australia, one in 327.9 emails was malicious.
- For Japan the rate was one in 1,573, compared with one in 482.9 in Singapore.
- In Brazil, one in 681.7 emails contained malicious content.
- The Education sector became the most spammed industry sector in January, with a spam rate of 71.0 percent.
- The spam rate for the Chemical & Pharmaceutical sector was 69.0 percent, compared with 68.7 percent for IT Services, 68.4 percent for Retail, 68.9 percent for Public Sector and 68.2 percent for Finance.
- The Public Sector remained the most targeted by phishing activity in January, with one in 99.1 emails comprising a phishing attack.
- Phishing levels for the Chemical & Pharmaceutical sector reached one in 838.0 and one in 647.8 for the IT Services sector, one in 529.4 for Retail, one in 169.4 for Education and one in 253.7 for Finance.
- With one in 90.2 emails being blocked as malicious, the Public Sector remained the most targeted industry in January.
- The virus rate for the Chemical & Pharmaceutical sector reached one in 381.3 and one in 399.4 for the IT Services sector; one in 407.1 for Retail, one in 138.3 for Education and one in 236.7 for Finance.
The January Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.
Connect with Symantec
About the Symantec Intelligence Report
The Symantec Intelligence report combines the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam and other potentially harmful business risks. The data used to compile the analysis for this combined report includes data from December 2011 and January 2012.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organisations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
spam, email threats, phishing, malware, phishing, malware, endpoint threats