July 2011 Internet Threats Trend Report

The Commtouch Quarterly Trends Threat Report provides insight on the latest spam, malware, phishing schemes and other web security threats. The July 2011 edition provides analysis of Internet security threats that occurred during the second quarter of 2011.

You can download the complete report at http://www.commtouch.com/threat-report-July2011.

Published in: Technology, News & Politics

  1. Internet Threats Trend Report, July 2011. The October 2011 Internet Threat Report is now available.
  2. July 2011 Threat Report. The following is a condensed version of the July 2011 Commtouch Internet Threats Trend Report. Download the complete report at www.commtouch.com/threat-report-July2011. Copyright © 2011 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
  3. July 2011 Threat Report
     1 Key Highlights
     2 Feature: Where did all the spam go?
     3 Trends: Spam, Malware, Web Security, Compromised Websites, Phishing, Zombies and Web 2.0
  4. Key Highlights for Q2 2011
  5. Key Security Highlights: Average daily spam/phishing emails sent: 113 billion. Average daily spam down from Q1. Lowest level in 3 years.
  6. Key Security Highlights: Zombie daily turnover: 377,000 zombies. Number of zombies turned off and on daily, up significantly from 258,000 in Q1.
  7. Key Security Highlights: Most popular blog topic on user generated content sites (no change): Streaming media/downloads. The streaming media & downloads category includes sites with live or archived media for download or streaming content, such as Internet radio, Internet TV or MP3 files.
  8. Key Security Highlights: Most popular spam topic: Pharmacy ads. While it was the most popular spam topic, it was down to only 24% of all spam, compared to 28% in Q1.
  9. Key Security Highlights: Country with the most zombies (no change): India. India continues to lead with 17% of all zombies.
  10. Key Security Highlights: Website category most likely to be compromised with malware: Pornography and sexually explicit material.
  11. Feature… Where did all the spam go?
  12. Q2 2011 Spam Trends
      • Q2 spam was at its lowest level in 3 years
      • June’s spam level (106 billion)
      • At its lowest point in June, spam accounted for 75% of all emails
      [Chart: Average daily spam emails sent. Source: Commtouch]
  13. Q2 2011 Spam Trends
      [Chart: Spam Levels & Spam Percentage, March - June 2011; series: spam, ham, % spam; annotation: 16th Mar, Rustock takedown. Source: Commtouch]
  14. Q2 2011 Spam Trends
      • Indications are that spammer tactics are changing
        • The mid-March 2011 Microsoft-led takedown of the Rustock botnet immediately dropped spam levels by 30% to an average of 119 billion messages per day
        • In the past, such takedowns have resulted in only temporary spam level drops, followed by increased activity to build new botnets and resume mass mailings
  15. Q2 2011 Spam Trends
      • Other changes in Q2 spam activity
        • Rustock takedown followed by large increases in email-borne malware
        • Number of zombies activated daily more than doubled in the weeks following the malware outbreaks
        • Increased zombie horde not used for vast spam mailings (hence the declining spam numbers) but instead for smaller malware distribution attacks
        • Spam coming from compromised or spammer accounts, as well as compromised mail servers, has increased
  16. Q2 2011 Spam Trends: Analysis of Compromised Accounts
      A percentage of emails from Gmail and Hotmail actually come from genuine accounts: compromised accounts or accounts specifically created by spammers.
      • Almost 30% of the spam from Hotmail actually comes from compromised or spammer Hotmail accounts
      • Gmail spam mostly from zombies that simply forge Gmail addresses
      Source: Commtouch
  17. Q2 2011 Spam Trends
      Analysis: Things are different this time as spammers are changing their tactics. Download the complete July 2011 Internet Threats Trend Report for a complete review of the changing tactics of cybercriminals: www.commtouch.com/threat-report-July2011
  18. Trends in Q2 2011… Spam Trends
  19. Spam Trends: Spam Sending Domains
      Commtouch monitors domains used by spammers in the “from” field of the spam emails, typically faked in order to give the impression of a reputable, genuine source.
  20. Spam Trends: Top Faked Spam Sending Domains*
      • NOTE “ups.com” in 14th place due to very large numbers of fake UPS notification emails sent in Q2
      • See more details on the UPS outbreak in this quarter’s complete Internet Threats Trend Report
      * The domains that are used by spammers in the “from” field of the spam emails. Source: Commtouch
  21. Spam Trends: Spam Topics
      • Pharmacy spam remained in the top spot but dropped to only 24% (down from 28% in Q1 2011)
      • 419 fraud, phishing, and pornography all increased
      Source: Commtouch
  22. Spam Trends
      • Q2 2011 also saw the emergence of e-cigarette spam
      [Image: French email promoting health benefits of e-cigarettes due to the absence of 4,000 unwanted substances found in a normal cigarette]
  23. Trends in Q2 2011… Malware
  24. Q2 2011 Malware Trends
      • End of Q1 2011
        • Enormous outbreaks of email-borne malware (up to 30% of global email traffic)
        • Initial attachments were “UPS package notifications”
        • Then the subjects changed to “DHL package notifications”
      • Start of Q2 2011
        • Attacks continued on smaller scale
        • Switched to “FedEx notifications”
  25. Examples of Malware
      Attack: IRS Payment Rejected
      Purpose: Most likely password theft
      How it works:
      • Email appears to be from the IRS (US government income tax authority)
      • Message informs recipients that their tax payments via the electronic payment system were rejected
      • Link provided to receive a “tax transaction report” (actually a .exe file described as a self-extracting PDF file)
  26. Examples of Malware
      • Links lead to one of 2,500 domains registered in the 48 hours before the attack
      • Upon pressing the link, users get to a page with a “404 not found” message, which hides the script that starts the virus download
  27. Examples of Malware Attacks
      Attack: PDF Malware
      Purpose: Capture keystrokes and browser activity
      How it works:
      • Targets financially knowledgeable victims using the term “stat arb” (foreign exchange trading term) in the subject
      • Extracted file appears to be a PDF, but is actually an executable file
      • When the file runs, it actually shows a non-malicious PDF file in a fake PDF reader window
  28. Examples of Malware Attacks
      [Images: Email with attachment; Fake PDF file and reader]
  29. Malware Trends: Top 10 Malware of Q2 2011
      Rank  Malware name
      1     IFrame.gen
      2     W32/Ramnit.E
      3     W32/Worm.BAOX
      4     W32/RAHack.A.gen!Eldorado
      5     W32/Sality.gen2
      6     W32/Worm.MWD
      7     W32/VBTrojan.17E!Maximus
      8     W32/Ramnit.D
      9     W32/Mydoom.O@mm
      10    W32/Vobfus.L.gen!Eldorado
      Source: Commtouch
  30. Malware Trends: Read about more malware attacks in the complete July 2011 Threat Report at http://www.commtouch.com/threat-report-July2011
  31. Trends in Q2 2011… Web Security
  32. Q2 Threats
      Facebook’s vast and ever-increasing user base continues to attract cybercriminals.
      The Pros:
      • Trusted friend environment means users don’t suspect a message is coming from a compromised account
      The Cons:
      • Need compromised accounts to access other accounts
      • Friend networks rarely exceed a few hundred people
      • Facebook has implemented mechanisms to detect multiple simultaneous message postings
  33. Q2 Facebook Threats: Exploits in Q2 2011
      Several techniques combined with social engineering elements were used to compromise Facebook user accounts in Q2 and increase the scale of attacks.
  34. Q2 Facebook Threats
      Example: Osama Bin Laden death exploited by Affiliate Marketing Groups
      • Goal of exploit: Affiliates earn money by driving victims to sites that pay bonuses based on clicks or successful sign-ups
      • How exploit worked: Initial Osama-themed messages sent from several compromised accounts and then quickly spread to draw users to the affiliated sites (see flow on next slide)
  35. Q2 Facebook Threats: Osama Bin Laden Affiliate Marketing Exploit
      1 User receives message or event invitation from friend promising video of Bin Laden death. Message tricks user into running a malicious JavaScript while Facebook is open.
      2 Infected user is led to a site with a YouTube clip of President Obama announcing the operation.
      3 Site then quickly redirects to an affiliate marketing page.
      4 With access to the user’s friends, malware sends out more invitations to continue the cycle.
  36. Q2 Facebook Threats
      [Image: Osama Bin Laden – users run this script]
  37. Q2 Facebook Threats
      Additional Facebook exploits in Q2:
      • See who’s been viewing your profile
      • Free Facebook credits
      • How many girls and boys have viewed your wall
      Download the complete July 2011 Internet Threats Trend Report for more details on these exploits: www.commtouch.com/threat-report-July2011
  38. Other trends in Q2 2011… Compromised Websites
  39. Compromised Websites: Trends in Compromised Websites
      • Compromised websites being used to hide phishing pages and malware
      • Benefits to the cybercriminal
        • Legitimate domains most likely have a good reputation in URL filter engines, so not likely to be blocked
        • Provides FREE hosting
  40. Compromised Websites
      Example: iPhone 5 Virus (May 2011)
      • Malicious email distributed with promise of details regarding soon to be released “iPhone 5G S”
      • Images and links in email point to a file “iphone5.gif”, but it is actually a malware file “iphone5.gif.exe”
  41. Compromised Websites
      Example: iPhone 5 Virus (May 2011)
      • Examination of the link reveals malware is hidden inside a compromised, legitimate website (see image)
  42. Compromised Websites: Website categories infected with malware
      Rank  Category
      1     Pornography/Sexually Explicit
      2     Parked domains
      3     Portals
      4     Education
      5     Entertainment
      6     Business
      7     Health & Medicine
      8     Travel
      9     Computers & Technology
      10    Fashion & Beauty
      Portals category includes sites offering free homepages, which are abused to host phishing and malware content.
  43. Compromised Websites: Download the complete July 2011 Internet Threats Trend Report for more details on Compromised Websites: www.commtouch.com/threat-report-July2011
  44. Other trends in Q2 2011… Phishing Trends
  45. Phishing Trends
      • Phishing attacks continued to target
        • Local and global banks
        • Web email users
        • Facebook accounts
        • Online gaming sites
  46. Phishing Trends: Example – Facebook Phishing Page
      • Users asked to enter their credentials to overcome a security warning on the page
      • Entering credentials, they provide the phisher with valid Facebook access details that can be used or sold to other cybercriminals
  47. Phishing Trends: Improved Phishing Sites
      • In an attempt to provide protection from keyloggers, some financial institutions provide a virtual keyboard which users must use to enter their login information and passwords
      • Phishers have now added these keyboards to their phishing pages (see example on next page), which mimic the original
  48. Phishing Trends: Improved Phishing Sites
      [Image: Fake Abu Dhabi Commercial Bank (ADCB) site complete with reproduced virtual keyboard]
  49. Compromised Websites: Website categories infected with phishing
      Rank  Category
      1     Games
      2     Portals
      3     Shopping
      4     Forums/Newsgroups
      5     Non-profits & NGO
      6     Fashion & Beauty
      7     Leisure & Recreation
      8     Sports
      9     Education
      10    Business
      Portals category includes sites offering free homepages, which are abused to host phishing and malware content.
  50. Phishing Trends: Download the complete July 2011 Internet Threats Trend Report for more details on Phishing: www.commtouch.com/threat-report-July2011
  51. Trends in Q2 2011… Zombie Trends
  52. Zombie Trends: Daily Turnover of Zombies in Q2
      • Average of 377,000 zombies newly activated each day for malicious activity
      • Substantial increase compared to the 258,000 in Q1
      Source: Commtouch
  53. Zombie Trends: Worldwide Zombie Distribution in Q2
      • India remains atop the list with 17%
      • Brazil, Vietnam, and the Russian Federation all remained in the same places
      • Peru and Argentina dropped out of the top 15, replaced by Romania and Morocco
      Source: Commtouch
  54. Zombie Trends: Zombies and IPv6
      • As IPv4 addresses reach exhaustion, IPv6 addresses will begin to become more prevalent
      • Vast number of IPs available to a zombie makes blocking of a specific IP, associated with a zombie, impossible
      • Blocking a range of IPs has issues
        • May block other users/devices that are not malicious (i.e. generates false positives)
        • No standard IP range allocation currently defined; it is therefore difficult to know how wide a range of IPs should be blocked
  55. Zombie Trends: Zombies and IPv6
      • Commtouch has begun to monitor spam received from IPv6 sources, and future Internet Threat Trend Reports may include relevant data as IPv6 traffic grows
      • Two on-demand webcasts are available from Commtouch providing information on IPv6 and potential threats:
        • An introduction to IPv6
        • Overview of IPv6 threats
  56. Trends in Q2 2011… Web 2.0 Trends
  57. Web 2.0 Trends: Most Popular User Generated Content Sites
      Rank  Category                        %
      1     Streaming Media & Downloads     21%
      2     Entertainment                   9%
      3     Computers & Technology          8%
      4     Pornography/Sexually Explicit   5%
      5     Shopping                        5%
      6     Arts                            4%
      7     Fashion & Beauty                4%
      8     Religion                        4%
      9     Sports                          4%
      10    Restaurants & Dining            4%
      11    Education                       3%
      12    Leisure & Recreation            3%
      13    Health & Medicine               3%
      14    Games                           2%
      Source: Commtouch
  58. Review of Q2 2011
  59. Review of Q2 2011. Source: Commtouch
  60. Download the complete July 2011 Internet Threats Trend Report at www.commtouch.com/threat-report-July2011
  61. For more information contact: info@commtouch.com, 650 864 2000 (Americas), +972 9 863 6895 (International). Web: www.commtouch.com. Blog: http://blog.commtouch.com
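
The blocking trade-off described on the "Zombies and IPv6" slides (54 and 55) can be measured on a mail gateway's own logs. The following is an added example, not part of the Commtouch report: it builds block rules at a chosen prefix width from spam sources seen earlier, then counts how much later spam those rules catch and which legitimate senders they hit. All addresses are constructed samples from the IPv6 documentation range 2001:db8::/32, and the function names are illustrative.

```python
import ipaddress

# Constructed sample data (documentation range 2001:db8::/32, not real observations).
OBSERVED_SPAM = [          # sources seen yesterday; block rules are built from these
    "2001:db8:aa:1::1",
    "2001:db8:aa:1::2f",
    "2001:db8:bb:9::1",
]
LATER_SPAM = [             # sources seen today
    "2001:db8:aa:1:5c3:9ff:fe01:7",   # same zombie, new address inside its /64
    "2001:db8:aa:1:dead:beef:0:1",    # same zombie, another new address
    "2001:db8:aa:2::10",              # neighbouring /64 in the same /48
    "2001:db8:bb:9::1",               # address reused unchanged
]
LEGIT_SENDERS = [
    "2001:db8:aa:3::25",              # legitimate mail server sharing a /48 with the zombie
    "2001:db8:cc:1::25",
]


def build_rules(observed, prefix_len):
    """Collapse observed spam sources into the set of enclosing prefixes."""
    return {
        ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        for addr in observed
    }


def is_blocked(addr, rules):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in rules)


def evaluate_block_width(observed, later_spam, legit, prefix_len):
    """Report rule count, later spam caught, and legitimate senders blocked."""
    rules = build_rules(observed, prefix_len)
    return {
        "prefix_len": prefix_len,
        "rules": len(rules),
        "spam_caught": sum(is_blocked(a, rules) for a in later_spam),
        "false_positives": [a for a in legit if is_blocked(a, rules)],
    }


if __name__ == "__main__":
    # /128 = single address, /64 = typical subnet, /48 = typical site allocation.
    for width in (128, 64, 48):
        print(evaluate_block_width(OBSERVED_SPAM, LATER_SPAM, LEGIT_SENDERS, width))
```

On this sample, single-address rules miss every rotated address, /64 rules follow the zombie inside its subnet, and /48 rules catch everything at the cost of blocking a legitimate sender.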