Paris, La Défense, 13 mars 2012 – Symantec Corp. (Nasdaq: SYMC) today announced the findings of its February Symantec Intelligence Report, which shows a new wave of cyber-attacks designed to impersonate a well-known business mediation and arbitration service in North America.
Businesses are being targeted with emails purporting to originate from the US Better Business Bureau, socially engineered to suggest that a complaint had been filed against the organization and the details of the complaint could be found in the file attachment, which would lead to a PDF file that contains an embedded executable or a URL that leads to the malware.
“These attacks are reminiscent of similar incidents that were first reported in 2007, when C-level business executives were being targeted with emails that purported to originate from the US Better Business Bureau (BBB). The new wave of attacks bear similar social engineering techniques to the 2007 attacks, although recently the attackers are using considerably more advanced techniques, including server-side polymorphism, making them especially protean in nature,” said Paul Wood, cyber security intelligence manager, Symantec.
“Server-side polymorphism enables the attacker to generate a unique strain of malware for each use, in order to evade detection by traditional anti-virus security software. Scripts such as PHP are commonly used on the attacker’s Web site to generate the malicious code on-the-fly. Like the Greek sea-god, Proteus, the continually transforming nature of these attacks makes them very difficult to recognize and detect using more traditional signature-based defenses,” Wood said.
This month’s report also reveals that cyber criminals tapping into the zeitgeist was particularly noticeable in the week running-up to St. Valentine’s Day, as the volume of spam messages referencing the event rose by as much as three and a half times the daily average for that week. The volume started falling off again after February 14, with a late spike occurring on February 16, when almost 6 times the daily average volume of emails referencing the special day was recorded.
Other Report Highlights:
Spam: In February 2012, the global ratio of spam in email traffic fell by 1.0 percentage points since January 2011, to 68.0 percent (1 in 1.47 emails). This follows the continuing trend of global spam levels diminishing gradually since the latter part of 2011.
Phishing: In February, the global phishing rate increased by 0.01 percentage points, taking the global average rate to one in 358.1 emails (0.28 percent) that comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 274.0 emails (0.37 percent) in February, an increase of 0.03 percentage points since January 2011. In February, 27.4 percent of email-borne malware contained links to malicious Web sites, 1.6 percentage points lower than January 2011.
Web-based Malware Threats: In February, Symantec Intelligence identified an average of 2,305 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 9.7 percent since January 2011.
Endpoint Threats: The most frequently blocked malware for the last month was WS.Trojan.H. WS.Trojan.H is generic cloud-based heuristic detection for files that posses characteristics of an as yet unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.
The February Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.
About Symantec Intelligence Report
The Symantec Intelligence report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this combined report includes data from January and February 2012.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
spam, email threats, phishing, malware, phishing, malware, endpoint threats
01 41 45 43 15
Marjorie Lescure/ Audrey Goudet/ Nathalie Ayache / Charles Catherinot
01 56 69 75 09/ 67/ 05/23