Q2 Malware Trends: Blended attacks mix brands and malware
The attacks all included similar characteristics:
• Well-crafted emails matching those of known companies which were sent out in large volumes.
• The emails included links to multiple compromised websites which then redirected to the malware hosting websites.
• The compromised websites were often based on the WordPress content management system.
• The malware itself was mostly hosted on various .ru domains.
• The malware pages showed simple messages such as “Please Wait – Loading” (black text on white).
• The same Flash and Adobe Reader exploits were used in most of the malware
Q2 Malware Trends: Movie ticket hoax hides malware on Dropbox
• Email offers free movie tickets
• Clicking on the links leads to several redirects and scripts
• Download of file “entrada_cine.zip” from the following link:
  • https://dl.dropbox.com/u/689--025/bts/entrada_cine.zip
Q2 Malware Trends: Email-attached malware
• Increase over Q1 levels
• Sample attacks:
  • DHL tracking
  • “why did you put this photo online”
Q2 Malware Trends: Top 10 Malware of Q2 2012
Rank  Malware name
1     W32/RLPacked.A.gen!Eldorado
2     W32/InstallCore.A2.gen!Eldorado
3     W32/Sality.C.gen!Eldorado
4     W32/HotBar.L.gen!Eldorado
5     W32/Heuristic-210!Eldorado
6     W32/Sality.gen2
7     W32/RAHack.A.gen!Eldorado
8     W32/OnlineGames.FL.gen!Eldorado
9     W32/Vobfus.AD.gen!Eldorado
10    JS/Pdfka.EV.gen
Source: Commtouch
Q2 Malware Trends
For a complete analysis of Malware in Q2 and the specific attacks employed, download the complete July 2012 Internet Threats Trend Report:
http://www.commtouch.com/threat-report-july-2012
Q2 Compromised Websites: Malware and spam campaigns used compromised sites extensively
• Sample LinkedIn email leads to simple notice while malware is downloaded
• Legitimate site continues to function normally
Source: Commtouch
Q2 Compromised Websites: Website categories infected with malware
• Pornographic sites disappeared from the top 10 as many legitimate sites from different categories found themselves hacked and hosting malware
Rank  Category
1     Education
2     Travel
3     Business
4     Entertainment
5     Restaurants and dining
6     Sports
7     Leisure & Recreation
8     Health & Medicine
9     Fashion and beauty
10    Streaming media and downloads
Source: Commtouch
Q2 Compromised Websites: Phishing campaigns also using compromised sites
• Sample – Yahoo phishing uses compromised photography site from Romania
• Legitimate site continues to function normally
Source: Commtouch
Q2 Compromised Websites: Website categories infected with phishing
• During the second quarter of 2012, Commtouch analyzed which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner).
• Portals (offering free website hosting) remained at the highest position.
Rank  Category
1     Portals
2     Fashion & Beauty
3     Sports
4     Shopping
5     Education
6     Business
7     Arts
8     Streaming media and downloads
9     Computers and technology
10    Travel
Source: Commtouch
Q2 Spam Trends: Spammers invent “Facebook Social”
• Links lead via compromised sites to pharmacy sites
Source: Commtouch
Q2 Spam Trends: Phony MySpace, Facebook emails
• Links lead to the “wikipharmacy”
Source: Commtouch
Q2 Spam Trends: Spam Levels
• Marginal decrease compared to previous quarter
• Average daily spam levels dropped to 91 billion spam and phishing emails/day
Figure: Spam levels – Jan to June 2012
Source: Commtouch
Q2 Spam Trends: Spam %
• Spam averaged 76% of all emails in Q2
Figure: Spam % of all emails – Jan to June 2012
Source: Commtouch
Q2 Spam Trends: Spam Topics in Q2
• Pharmacy spam continued to increase, as it did last quarter, to nearly 41% of all spam (~3% more than the previous quarter)
• Enhancer and diet-themed spam increased while replica spam dropped almost 8%
Source: Commtouch
Q2 Spam Trends: Top Faked (Spoofed) Spam Sending Domains*
* Domains used by spammers in the “from” field of the spam emails.
Source: Commtouch
Q2 Zombie Trends: Daily Turnover of Zombies in Q2
• Average turnover: 303,000 newly activated each day sending spam (increase from 270,000 in Q1 2012)
Figure: Daily newly activated spam zombies: Jan to June 2012
Source: Commtouch
Q2 Zombie Trends: Worldwide Zombie Distribution in Q2
• India again claimed top zombie producer title, moving above 20%
• Poland, Italy, and Indonesia dropped out of the top 15, replaced by Saudi Arabia, Romania, and more surprisingly, Germany – which has stayed well out of the top 15 for over one and a half years.
Source: Commtouch
For more information contact:
firstname.lastname@example.org
650 864 2000 (Americas)
+972 9 863 6895 (International)
Web: www.commtouch.com
Blog: http://blog.commtouch.com