Commtouch october 2012 internet threats trend report

1,599 views
1,562 views

Published on

Commtouch’s quarterly Internet Threats Trend Report covers Web threats, phishing, malware, and spam. The October 2012 report describes the growing menace of Android malware as shown by attacks that exclusively targeted the Google OS. The convincingly named “update” app provided its distributors with a platform for a mobile Android botnet or a vehicle for theft of corporate data.
July provided yet another botnet takedown – this time the Grum spam botnet. Although spam and zombie levels appeared to drop, the effect proved to be temporary. Spammers rallied quickly to recruit new zombies and resume spam-sending operations within a matter of days. The October Trend Report also covers Olympic Games scams, careless spammers, and the “calling card” that one malware gang keeps using.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,599
On SlideShare
0
From Embeds
0
Number of Embeds
999
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Commtouch october 2012 internet threats trend report

  1. 1. Internet ThreatsTrend ReportOctober 2012
  2. 2. October 2012 Threat Report The following is a condensed version of the October 2012 Commtouch Internet Threats Trend Report You can download the complete report at http://www.commtouch.com/threat-report-oct-2012Copyright© 2012 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalVieware trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware areregistered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
  3. 3. Key Security Highlights
  4. 4. Malware Trends
  5. 5. Android Malware• Android malware continues to grow – both in volume and in the number of variants• One attack made use of compromised email accounts to send simple one-link emails (in the past these were usually links to spam)• In this case the malware URLs only worked for Android devices
  6. 6. Android Malware• The downloaded file “update.apk” (.apk is a packaged Android app) requires the user to activate the installation• Malware could work as a proxy to steal data from devices on corporate VPNs• Alternatively, the network access would allow communication with botnet command and control servers
  7. 7. Groupon Malware Deals Android Malware• Authentic Groupon formatting• Malware attachment extracts to “Coupon gift.exe”• Commtouch’s Antivirus identifies the malware as W32/Trojan3.DWY• Only 30% of the 41 engines on VirusTotal detected the malware within a few hours of the attack
  8. 8. Attached-malware levels
  9. 9. Top 10 Malware of Q3 2012Rank Malware name Rank Malware name 1 SWF-malform-1 6 CVE-2010-3333 2 W32/Ramnit.Q 7 W32/MyWeb.D@adw 3 W32/Conficker!Generic 8 W32/Injector.A.gen!Eldorado 4 W32/Mabezat.A-2 9 W32/Mabezat.A-1 5 W32/Agent.PJ.gen!Eldorado 10 W32/Tenga.3666
  10. 10. Spam Trends
  11. 11. Grum Botnet Takedown• Reported near end-July• The takedown was the effort of FireEye assisted by Spamhaus, and other industry experts and network operators• Immediate effect was the lowest spam per single day in the last 3 years (near 51 billion messages)• However, spam levels returned to average numbers almost immediately
  12. 12. Spam Percentage• Spam averaged 74% of all emails sent during the quarter, a decrease of 2% from Q2
  13. 13. Spam Zombies• The number of zombies activated on the reported day of the Grum takedown was the lowest of the quarter• Note the ramp-up of daily activated zombies in the 2 weeks following the takedown• Average turnover: 304,000 newly activated each day for sending spam (minor increase from Q2 2012)
  14. 14. Spam Templates• Example from August• Spammers mistakenly leave script text inside sent emails• Text gives us an idea of how a template with variations is built• Designed to outwit spam filters
  15. 15. Spam Topics Cloud• Frequently occurring terms printed in proportionally larger text
  16. 16. Spam Topics• Pharmacy spam dropped nearly 10% this quarter but remained the most common spam subject• Enhancer spam gained almost 10% and replica themed spam dropped almost 5% to be only the 5th most popular topic
  17. 17. Olympic Games Scams• The Olympic Games (July and August) proved to be a very popular theme for 419 scams during the quarter• Most scams promised money from Olympics-related lotteries• Other emails offered Games-related merchandise for large fees or offered recipients interesting Olympic job- opportunities (in exchange for “processing” fees)
  18. 18. Web Trends
  19. 19. Wells Fargo attack uses hacked sites• Phony Wells Fargo emails link to compromised sites• Sites redirect to destination malware store• Blackhole Exploit Kit, in the form of obfuscated JavaScript on the final destination page, assesses the exploitable versions of various browsers and add-ons and executes appropriate payloads that start a process of downloading further malware onto the victim’s computer
  20. 20. Web categories: malware• Analysis of which categories of legitimate Web sites were most likely to be hiding malware pages (usually without the knowledge of the site owner)• Education category on top again Rank Category Rank Category 1 Education 6 Restaurants & Dining 2 Shopping 7 Travel 3 Sports 8 Health & Medicine 4 Business 9 Streaming Media & Downloads 5 Entertainment 10 Leisure & Recreation
  21. 21. Web categories: phishing• Analysis of which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner)• Portals (offering free website hosting) remained at the highest position Rank Category Rank Category 1 Portals 6 Real Estate 2 Education 7 Leisure & Recreation 3 Arts Sports 8 Travel 4 Shopping 9 Computers & Technology 5 Business 10 Health & Medicine
  22. 22. Zombie Hotspots
  23. 23. Zombie Hotspots• India still hosts over 20% of the world’s spam sending zombies• Morocco and Saudi Arabia dropped out of the top 15 – Replaced by Spain and Colombia
  24. 24. October 2012 Threat Report You can download the complete report at http://www.commtouch.com/threat-report-oct-2012Copyright© 2012 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalVieware trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware areregistered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
  25. 25. For more information contact: info@commtouch.com 650 864 2000 (Americas) +972 9 863 6895 (International) Web: www.commtouch.comBlog: http://blog.commtouch.com

×