Your SlideShare is downloading. ×
0
Internet ThreatsTrend ReportOctober 2011
October 2011 Threat Report           The following is a condensed version            of the October 2011 Commtouch        ...
October 2011 Threat Report1 Key Highlights               What is behind the huge return 2 Feature     of email malware?   ...
Key Highlights for Q3 2011
Key Security Highlights  Average daily spam/phishing          emails sent         93 billionAverage daily spam continues t...
Key Security Highlights            Spam Zombie daily turnover                   336,000 Zombies  Q3 saw a slight decline f...
Key Security Highlights         Most popular blog topic on         user generated content sites                 Streaming ...
Key Security Highlights     Most popular spam topic           Pharmacy Ads               (29%)After decreasing for 6 conse...
Key Security HighlightsCountry with the most Zombies  India (18%)India continues to top the      list again in Q3
Key Security Highlights       Website category most likely to       be compromised with malware            Parked Domains ...
Feature…  What is behind the huge  return of email malware?
Q3 Malware Trends• In August, Commtouch Labs registered major  malware email outbreaks• The following Chart shows the scal...
Q3 Malware Trends       Analysis of August 2011 Outbreaks• Campaigns have been successful• Infection rate generally linear...
Q3 Malware Trends                        Analysis cont…At present, no clear reason for the build-up in bots   1. No increa...
Q3 Malware Trends                Top 10 Malware of Q3 2011Rank   Malware name                Rank Malware name 1     W32/O...
Q3 Malware Trends For a complete analysis of Malware in Q3 and thespecific attacks employed, download the complete   Octob...
Trends in Q3 2011…  Spam Trends
Q3 Spam Trends • Spam levels remain at their lowest in years   following the Rustock botnet takedown in March • Aug and Se...
Q3 Spam Trends• Spam averaged 76% of all emails sent during Q3  (excluding emails with malware attachments) Mar   Apr     ...
Q3 Spam TrendsTop Faked (Spoofed) Spam Sending Domains*                                 • Gmail.com once again the        ...
Compromised Accounts• In addition to spoofed emails (shown above), a  percentage of emails from Gmail, Hotmail and  Yahoo ...
Compromised AccountsAnalysis of spam “from” Gmail & Hotmail – Q2/Q3 2011 • Hotmail: 28-35% of the spam from Hotmail actual...
Compromised Accounts       Compromised Accounts Analysis• Having observed greater use of compromised  accounts, Commtouch ...
Compromised Accounts    What Compromised Accounts Used For• Mort than half of the  accounts were used to send  spam or sca...
Compromised Accounts           Compromised Accounts SurveyReview the full survey report and find out…  1.   Which accounts...
Q3 Spam Trends                     Spam Topics• Top topic “pharmacy spam” stopped its downward slide of  the past six quar...
Q3 Spam Trends Find out more about Spam Trends in Q3 by  downloading the complete October2011       Internet Threats Trend...
Trends in Q3 2011…  Web Security
Q3 Facebook Threats           Exploits in Q3 2011Facebook continues to draw the attentionof malware authors
Q3 Facebook Threats August 2011 “Friend” malware• A range of “friend request” emails were sent to draw  recipients to down...
Q3 Facebook Threats September 2011 “Like” Scams                         How scams workedThe Trap: Offers to get “free” mer...
Q3 Facebook ThreatsExample of “Like” scam
Q3 Facebook Threats            How the Scammers BenefittedImproved visibility/promotion of the scammer page:• Like appears...
Q3 Web Security ThreatsLearn more about other Web Security Threatsin Q3:  • PHP Thumbs exploit  • Others   Download the co...
Q3 Compromised Websites     Website categories infected with malware• Pornographic and sexually explicit sites were pushed...
Q3 Compromised Websites      Website categories infected with phishing• This is an analysis of which categories of legitim...
Trends in Q3 2011…  Zombie Trends
Q3 Zombie Trends            Daily Turnover of Zombies in Q3• Q3 saw an average turnover of 336,000 zombies each day  that ...
Q3 Zombie Trends    Worldwide Zombie Distribution in Q2                                                        Source: Com...
Trends in Q3 2011…  Web 2.0 Trends
Q3 Web 2.0 Trends                                Web 2.0 Trends     • “Streaming media and downloads” was again the most  ...
Review of Q3 2011
Review of Q3 2011                           July                          August                          September       ...
Download the complete October 2011      Internet Threats Trend Report                    atwww.commtouch.com/threat-report...
For more information contact:      info@commtouch.com    650 864 2000 (Americas) +972 9 863 6895 (International)   Web: ww...
Upcoming SlideShare
Loading in...5
×

Oct 2011 Threats Trend Report

1,738

Published on

The Commtouch Quarterly Trends Threat Report provides insight on the latest spam, malware, phishing schemes and other web security threats. The July 2011 edition provides analysis of Internet security threats that occurred during the second quarter of 2011.

Published in: Technology, News & Politics
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,738
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
18
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Transcript of "Oct 2011 Threats Trend Report"

  1. 1. Internet ThreatsTrend ReportOctober 2011
  2. 2. October 2011 Threat Report The following is a condensed version of the October 2011 Commtouch Internet Threats Trend Report You can download the complete report atwww.commtouch.com/threat-report-Oct2011Copyright© 2011 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, andCommtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. PatentNo. 6,330,590 is owned by Commtouch.
  3. 3. October 2011 Threat Report1 Key Highlights What is behind the huge return 2 Feature of email malware? Malware, Spam, Web Security, 3 Trends Compromised Websites and Zombies
  4. 4. Key Highlights for Q3 2011
  5. 5. Key Security Highlights Average daily spam/phishing emails sent 93 billionAverage daily spam continues to decline Lowest levels in years
  6. 6. Key Security Highlights Spam Zombie daily turnover 336,000 Zombies Q3 saw a slight decline from the 377,000 in Q2(Zombie turnover is the number of zombies turned off and on daily)
  7. 7. Key Security Highlights Most popular blog topic on user generated content sites Streaming media/ downloads (24%) Streaming media & downloads increased its share to nearly one quarter of all UGCIncludes sites with MP3 files or music related sites such as fan pages (these might also be categorized as entertainment)
  8. 8. Key Security Highlights Most popular spam topic Pharmacy Ads (29%)After decreasing for 6 consecutive quarters, Pharmacy Ads increased 5% in Q3
  9. 9. Key Security HighlightsCountry with the most Zombies India (18%)India continues to top the list again in Q3
  10. 10. Key Security Highlights Website category most likely to be compromised with malware Parked Domains “Pornographic and sexually explicit sites”(1st in Q2) was pushed into 3rd spot by “Parked Domains” and “Portals”
  11. 11. Feature… What is behind the huge return of email malware?
  12. 12. Q3 Malware Trends• In August, Commtouch Labs registered major malware email outbreaks• The following Chart shows the scale of these attacksMalware email levels – June to Sept 2011
  13. 13. Q3 Malware Trends Analysis of August 2011 Outbreaks• Campaigns have been successful• Infection rate generally linear • More malware emailed = more infections• Range of malware families detected in outbreaks • Variants of Sasfis, SpyEye, Zeus, fake antivirus, and others• In most cases the malware contacts external servers and downloads additional malware files to run on the infected machine
  14. 14. Q3 Malware Trends Analysis cont…At present, no clear reason for the build-up in bots 1. No increase in spam • A common result of large malware outbreaks 2. Most of the malware seen generally associated with specific attacks (e.g., Zeus – banking fraud) • So far, no increase in these attacksPossible reasons for new bot network • Large scale banking fraud • Facebook/Gmail/Yahoo account theft • Distributed denial of service (DDOS) • Other criminal activity
  15. 15. Q3 Malware Trends Top 10 Malware of Q3 2011Rank Malware name Rank Malware name 1 W32/Oficla.FO 6 W32/Patched.G 2 W32/RAHack.A.gen!Eldorado 7 W32/Damaged_File.B.gen!Eldorado 3 W32/Adware.PAP 8 W32/Bredolab.AP.gen!Eldorado 4 W32/Sality.gen2 9 W32/MalwareF.AFPRH 5 JS/Pdfka.BG 10 W32/Heuristic-210!Eldorado Source: Commtouch
  16. 16. Q3 Malware Trends For a complete analysis of Malware in Q3 and thespecific attacks employed, download the complete October 2011 Internet Threats Trend Report www.commtouch.com/threat-report-Oct2011
  17. 17. Trends in Q3 2011… Spam Trends
  18. 18. Q3 Spam Trends • Spam levels remain at their lowest in years following the Rustock botnet takedown in March • Aug and Sept attacks had no effect on spam levels • Q3 average spam levels near 93 billion email messages/dayMar Apr May Jun Jul Aug Sep
  19. 19. Q3 Spam Trends• Spam averaged 76% of all emails sent during Q3 (excluding emails with malware attachments) Mar Apr May Jun Jul Aug Sep
  20. 20. Q3 Spam TrendsTop Faked (Spoofed) Spam Sending Domains* • Gmail.com once again the most spoofed domain • 14th place again held by ups.com due to the very large numbers of fake UPS notification emails sent as part of the Q3 outbreaks * The domains that are used by spammers Source: Commtouch in the “from” field of the spam emails.
  21. 21. Compromised Accounts• In addition to spoofed emails (shown above), a percentage of emails from Gmail, Hotmail and Yahoo come from genuine accounts – compromised accounts (though some are accounts specifically created by spammers for spamming)• In the Q2 2011 Trend Report, Commtouch revealed an increased use of compromised accounts to spread spam (Compromised accounts offer several advantages, including the fact that they are difficult to block using IP reputation implemented by many anti-spam solutions)
  22. 22. Compromised AccountsAnalysis of spam “from” Gmail & Hotmail – Q2/Q3 2011 • Hotmail: 28-35% of the spam from Hotmail actually comes from compromised or spammer Hotmail accounts • Gmail: Most Gmail Spam (96-97%) comes from zombies that simply forge Gmail addresses • Q3 saw growth in use of Hotmail & Gmail compromised accounts in comparison to Q2 Source: Commtouch
  23. 23. Compromised Accounts Compromised Accounts Analysis• Having observed greater use of compromised accounts, Commtouch undertook primary research into the use of these accounts for sending spam• The research included the surveying of people whose accounts had been compromised• Results confirm Commtouch observations with regard to the increased use of compromised accounts for sending spam
  24. 24. Compromised Accounts What Compromised Accounts Used For• Mort than half of the accounts were used to send spam or scams• 23% of respondents not sure what their accounts were used for• Compromised Facebook accounts generally used to further the spread of malware or post links to marketing scam websites
  25. 25. Compromised Accounts Compromised Accounts SurveyReview the full survey report and find out… 1. Which accounts were affected 2. How accounts were compromised 3. Activity account was used for – e.g., spam, scam, etc. 4. How account owners found out 5. Action owners took to regain control of their account Full results of the survey can be found athttp://www.commtouch.com/hacked-accounts- report-Oct2011
  26. 26. Q3 Spam Trends Spam Topics• Top topic “pharmacy spam” stopped its downward slide of the past six quarters, adding 5% to reach 29% of all spam• “Enhancers” added 5 points, accounting for > 17% of spam Source: Commtouch
  27. 27. Q3 Spam Trends Find out more about Spam Trends in Q3 by downloading the complete October2011 Internet Threats Trend Reportwww.commtouch.com/threat-report-Oct2011
  28. 28. Trends in Q3 2011… Web Security
  29. 29. Q3 Facebook Threats Exploits in Q3 2011Facebook continues to draw the attentionof malware authors
  30. 30. Q3 Facebook Threats August 2011 “Friend” malware• A range of “friend request” emails were sent to draw recipients to download a banking Trojan
  31. 31. Q3 Facebook Threats September 2011 “Like” Scams How scams workedThe Trap: Offers to get “free” merchandise “The First 50.000 participants Get an iPhone 4 for free” “The first 25,000 that signup get a free pair of Beats by Dre headphones” “The first 1,000 participants Will Get An Facebook Phone for Free” “The First 25,000 Participants Will Get A Free Facebook Hoodie”What Facebook users had to do: Like several pages, provide their shipping addresses and forward the invite on to 100 or so friends (thus ensuring the spread of the scam)Result: Pages liked by hundreds of thousands of users
  32. 32. Q3 Facebook ThreatsExample of “Like” scam
  33. 33. Q3 Facebook Threats How the Scammers BenefittedImproved visibility/promotion of the scammer page:• Like appears on the Liker’s Wall and may appear in News Feeds• Liker displayed on the Page that was liked and ads about Page• Liked Facebook Pages can post updates to the Liker’s News Feed or send them messages• Liker’s connection to the page may also be shared with apps on the Facebook PlatformAlso…• Scammers got people’s shipping addresses (helpful in ID theft)• “Facebook Hoodie” offer linked to external site with further links to marketing scams brining the scammer per-click revenues
  34. 34. Q3 Web Security ThreatsLearn more about other Web Security Threatsin Q3: • PHP Thumbs exploit • Others Download the complete October 2011 Internet Threats Trend Report for more details www.commtouch.com/threat-report-Oct2011
  35. 35. Q3 Compromised Websites Website categories infected with malware• Pornographic and sexually explicit sites were pushed down to the 3rd spot by parked domains and portals (As noted in previous reports, the hosting of malware may well be the intention of the owners of the parked domains and pornography sites)Rank Category Rank Category 1 Parked Domains 6 Business 2 Portals 7 Computers & Technology 3 Pornography/Sexually Explicit 8 Health & Medicine 4 Education 9 Shopping 5 Entertainment 10 Travel Source: Commtouch Portals category includes sites offering free homepages, which are abused to host phishing and malware content or redirects to other sites with this content
  36. 36. Q3 Compromised Websites Website categories infected with phishing• This is an analysis of which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner)• Games retained ranking as highest, similar to last Q2 2011 Rank Category Rank Category 1 Games 6 Sports 2 Portals 7 Leisure & Recreation 3 Shopping 8 Business 4 Fashion & Beauty 9 Health & Medicine 5 Education 10 Entertainment Source: Commtouch Portals category includes sites offering free homepages, which are abused to host phishing and malware content.
  37. 37. Trends in Q3 2011… Zombie Trends
  38. 38. Q3 Zombie Trends Daily Turnover of Zombies in Q3• Q3 saw an average turnover of 336,000 zombies each day that were newly activated for sending spam• Slight decrease compared to the 377,000 from Q2 Source: Commtouch
  39. 39. Q3 Zombie Trends Worldwide Zombie Distribution in Q2 Source: Commtouch• India once again claimed the top zombie producer title, increasing its share to over 18%• Brazil dropped to 3rd position by decreasing its share of global zombie population by nearly 3%• The US and Iran joined top 15, displacing Poland and Italy
  40. 40. Trends in Q3 2011… Web 2.0 Trends
  41. 41. Q3 Web 2.0 Trends Web 2.0 Trends • “Streaming media and downloads” was again the most popular blog or page topic in Q3 (up to 24% of all UGC)Rank Category Percentage Rank Category Percentage Streaming Media & 1 24% 8 Arts 5% Downloads 2 Entertainment 9% 9 Sports 4% 3 Computers & Technology 8% 10 Education 4% Pornography/Sexually 4 6% 11 Leisure & Recreation 3% Explicit 5 Fashion & Beauty 5% 12 Health & Medicine 3% 6 Religion 5% 13 Games 3% 7 Restaurants & Dining 5% 14 Sex Education 2% Source: Commtouch The streaming media & downloads category includes sites with MP3 files or music related sites such as fan pages (these might also be categorized as entertainment).
  42. 42. Review of Q3 2011
  43. 43. Review of Q3 2011 July August September Android 25 billion Gap Spam ratio malware added Email- malware Facebook Athleta reaches low of to extended malware emails in “like” fake order 74% Wildlist outbreaks one day scams malware start “map of Most spam Twitter love” emailper day: 120 notifications PHP Thumbs Facebook malware billion lead to Web explot Right-to-Left friend Lowest spam override notifications spam per used in led to day: 64 malware malware billion Source: Commtouch
  44. 44. Download the complete October 2011 Internet Threats Trend Report atwww.commtouch.com/threat-report-Oct2011
  45. 45. For more information contact: info@commtouch.com 650 864 2000 (Americas) +972 9 863 6895 (International) Web: www.commtouch.comBlog: http://blog.commtouch.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×