Your SlideShare is downloading. ×
Oct 2011 Threats Trend Report
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Oct 2011 Threats Trend Report

1,727
views

Published on

The Commtouch Quarterly Trends Threat Report provides insight on the latest spam, malware, phishing schemes and other web security threats. The July 2011 edition provides analysis of Internet security …

The Commtouch Quarterly Trends Threat Report provides insight on the latest spam, malware, phishing schemes and other web security threats. The July 2011 edition provides analysis of Internet security threats that occurred during the second quarter of 2011.

Published in: Technology, News & Politics

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,727
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
18
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Internet ThreatsTrend ReportOctober 2011
  • 2. October 2011 Threat Report The following is a condensed version of the October 2011 Commtouch Internet Threats Trend Report You can download the complete report atwww.commtouch.com/threat-report-Oct2011Copyright© 2011 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, andCommtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. PatentNo. 6,330,590 is owned by Commtouch.
  • 3. October 2011 Threat Report1 Key Highlights What is behind the huge return 2 Feature of email malware? Malware, Spam, Web Security, 3 Trends Compromised Websites and Zombies
  • 4. Key Highlights for Q3 2011
  • 5. Key Security Highlights Average daily spam/phishing emails sent 93 billionAverage daily spam continues to decline Lowest levels in years
  • 6. Key Security Highlights Spam Zombie daily turnover 336,000 Zombies Q3 saw a slight decline from the 377,000 in Q2(Zombie turnover is the number of zombies turned off and on daily)
  • 7. Key Security Highlights Most popular blog topic on user generated content sites Streaming media/ downloads (24%) Streaming media & downloads increased its share to nearly one quarter of all UGCIncludes sites with MP3 files or music related sites such as fan pages (these might also be categorized as entertainment)
  • 8. Key Security Highlights Most popular spam topic Pharmacy Ads (29%)After decreasing for 6 consecutive quarters, Pharmacy Ads increased 5% in Q3
  • 9. Key Security HighlightsCountry with the most Zombies India (18%)India continues to top the list again in Q3
  • 10. Key Security Highlights Website category most likely to be compromised with malware Parked Domains “Pornographic and sexually explicit sites”(1st in Q2) was pushed into 3rd spot by “Parked Domains” and “Portals”
  • 11. Feature… What is behind the huge return of email malware?
  • 12. Q3 Malware Trends• In August, Commtouch Labs registered major malware email outbreaks• The following Chart shows the scale of these attacksMalware email levels – June to Sept 2011
  • 13. Q3 Malware Trends Analysis of August 2011 Outbreaks• Campaigns have been successful• Infection rate generally linear • More malware emailed = more infections• Range of malware families detected in outbreaks • Variants of Sasfis, SpyEye, Zeus, fake antivirus, and others• In most cases the malware contacts external servers and downloads additional malware files to run on the infected machine
  • 14. Q3 Malware Trends Analysis cont…At present, no clear reason for the build-up in bots 1. No increase in spam • A common result of large malware outbreaks 2. Most of the malware seen generally associated with specific attacks (e.g., Zeus – banking fraud) • So far, no increase in these attacksPossible reasons for new bot network • Large scale banking fraud • Facebook/Gmail/Yahoo account theft • Distributed denial of service (DDOS) • Other criminal activity
  • 15. Q3 Malware Trends Top 10 Malware of Q3 2011Rank Malware name Rank Malware name 1 W32/Oficla.FO 6 W32/Patched.G 2 W32/RAHack.A.gen!Eldorado 7 W32/Damaged_File.B.gen!Eldorado 3 W32/Adware.PAP 8 W32/Bredolab.AP.gen!Eldorado 4 W32/Sality.gen2 9 W32/MalwareF.AFPRH 5 JS/Pdfka.BG 10 W32/Heuristic-210!Eldorado Source: Commtouch
  • 16. Q3 Malware Trends For a complete analysis of Malware in Q3 and thespecific attacks employed, download the complete October 2011 Internet Threats Trend Report www.commtouch.com/threat-report-Oct2011
  • 17. Trends in Q3 2011… Spam Trends
  • 18. Q3 Spam Trends • Spam levels remain at their lowest in years following the Rustock botnet takedown in March • Aug and Sept attacks had no effect on spam levels • Q3 average spam levels near 93 billion email messages/dayMar Apr May Jun Jul Aug Sep
  • 19. Q3 Spam Trends• Spam averaged 76% of all emails sent during Q3 (excluding emails with malware attachments) Mar Apr May Jun Jul Aug Sep
  • 20. Q3 Spam TrendsTop Faked (Spoofed) Spam Sending Domains* • Gmail.com once again the most spoofed domain • 14th place again held by ups.com due to the very large numbers of fake UPS notification emails sent as part of the Q3 outbreaks * The domains that are used by spammers Source: Commtouch in the “from” field of the spam emails.
  • 21. Compromised Accounts• In addition to spoofed emails (shown above), a percentage of emails from Gmail, Hotmail and Yahoo come from genuine accounts – compromised accounts (though some are accounts specifically created by spammers for spamming)• In the Q2 2011 Trend Report, Commtouch revealed an increased use of compromised accounts to spread spam (Compromised accounts offer several advantages, including the fact that they are difficult to block using IP reputation implemented by many anti-spam solutions)
  • 22. Compromised AccountsAnalysis of spam “from” Gmail & Hotmail – Q2/Q3 2011 • Hotmail: 28-35% of the spam from Hotmail actually comes from compromised or spammer Hotmail accounts • Gmail: Most Gmail Spam (96-97%) comes from zombies that simply forge Gmail addresses • Q3 saw growth in use of Hotmail & Gmail compromised accounts in comparison to Q2 Source: Commtouch
  • 23. Compromised Accounts Compromised Accounts Analysis• Having observed greater use of compromised accounts, Commtouch undertook primary research into the use of these accounts for sending spam• The research included the surveying of people whose accounts had been compromised• Results confirm Commtouch observations with regard to the increased use of compromised accounts for sending spam
  • 24. Compromised Accounts What Compromised Accounts Used For• Mort than half of the accounts were used to send spam or scams• 23% of respondents not sure what their accounts were used for• Compromised Facebook accounts generally used to further the spread of malware or post links to marketing scam websites
  • 25. Compromised Accounts Compromised Accounts SurveyReview the full survey report and find out… 1. Which accounts were affected 2. How accounts were compromised 3. Activity account was used for – e.g., spam, scam, etc. 4. How account owners found out 5. Action owners took to regain control of their account Full results of the survey can be found athttp://www.commtouch.com/hacked-accounts- report-Oct2011
  • 26. Q3 Spam Trends Spam Topics• Top topic “pharmacy spam” stopped its downward slide of the past six quarters, adding 5% to reach 29% of all spam• “Enhancers” added 5 points, accounting for > 17% of spam Source: Commtouch
  • 27. Q3 Spam Trends Find out more about Spam Trends in Q3 by downloading the complete October2011 Internet Threats Trend Reportwww.commtouch.com/threat-report-Oct2011
  • 28. Trends in Q3 2011… Web Security
  • 29. Q3 Facebook Threats Exploits in Q3 2011Facebook continues to draw the attentionof malware authors
  • 30. Q3 Facebook Threats August 2011 “Friend” malware• A range of “friend request” emails were sent to draw recipients to download a banking Trojan
  • 31. Q3 Facebook Threats September 2011 “Like” Scams How scams workedThe Trap: Offers to get “free” merchandise “The First 50.000 participants Get an iPhone 4 for free” “The first 25,000 that signup get a free pair of Beats by Dre headphones” “The first 1,000 participants Will Get An Facebook Phone for Free” “The First 25,000 Participants Will Get A Free Facebook Hoodie”What Facebook users had to do: Like several pages, provide their shipping addresses and forward the invite on to 100 or so friends (thus ensuring the spread of the scam)Result: Pages liked by hundreds of thousands of users
  • 32. Q3 Facebook ThreatsExample of “Like” scam
  • 33. Q3 Facebook Threats How the Scammers BenefittedImproved visibility/promotion of the scammer page:• Like appears on the Liker’s Wall and may appear in News Feeds• Liker displayed on the Page that was liked and ads about Page• Liked Facebook Pages can post updates to the Liker’s News Feed or send them messages• Liker’s connection to the page may also be shared with apps on the Facebook PlatformAlso…• Scammers got people’s shipping addresses (helpful in ID theft)• “Facebook Hoodie” offer linked to external site with further links to marketing scams brining the scammer per-click revenues
  • 34. Q3 Web Security ThreatsLearn more about other Web Security Threatsin Q3: • PHP Thumbs exploit • Others Download the complete October 2011 Internet Threats Trend Report for more details www.commtouch.com/threat-report-Oct2011
  • 35. Q3 Compromised Websites Website categories infected with malware• Pornographic and sexually explicit sites were pushed down to the 3rd spot by parked domains and portals (As noted in previous reports, the hosting of malware may well be the intention of the owners of the parked domains and pornography sites)Rank Category Rank Category 1 Parked Domains 6 Business 2 Portals 7 Computers & Technology 3 Pornography/Sexually Explicit 8 Health & Medicine 4 Education 9 Shopping 5 Entertainment 10 Travel Source: Commtouch Portals category includes sites offering free homepages, which are abused to host phishing and malware content or redirects to other sites with this content
  • 36. Q3 Compromised Websites Website categories infected with phishing• This is an analysis of which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner)• Games retained ranking as highest, similar to last Q2 2011 Rank Category Rank Category 1 Games 6 Sports 2 Portals 7 Leisure & Recreation 3 Shopping 8 Business 4 Fashion & Beauty 9 Health & Medicine 5 Education 10 Entertainment Source: Commtouch Portals category includes sites offering free homepages, which are abused to host phishing and malware content.
  • 37. Trends in Q3 2011… Zombie Trends
  • 38. Q3 Zombie Trends Daily Turnover of Zombies in Q3• Q3 saw an average turnover of 336,000 zombies each day that were newly activated for sending spam• Slight decrease compared to the 377,000 from Q2 Source: Commtouch
  • 39. Q3 Zombie Trends Worldwide Zombie Distribution in Q2 Source: Commtouch• India once again claimed the top zombie producer title, increasing its share to over 18%• Brazil dropped to 3rd position by decreasing its share of global zombie population by nearly 3%• The US and Iran joined top 15, displacing Poland and Italy
  • 40. Trends in Q3 2011… Web 2.0 Trends
  • 41. Q3 Web 2.0 Trends Web 2.0 Trends • “Streaming media and downloads” was again the most popular blog or page topic in Q3 (up to 24% of all UGC)Rank Category Percentage Rank Category Percentage Streaming Media & 1 24% 8 Arts 5% Downloads 2 Entertainment 9% 9 Sports 4% 3 Computers & Technology 8% 10 Education 4% Pornography/Sexually 4 6% 11 Leisure & Recreation 3% Explicit 5 Fashion & Beauty 5% 12 Health & Medicine 3% 6 Religion 5% 13 Games 3% 7 Restaurants & Dining 5% 14 Sex Education 2% Source: Commtouch The streaming media & downloads category includes sites with MP3 files or music related sites such as fan pages (these might also be categorized as entertainment).
  • 42. Review of Q3 2011
  • 43. Review of Q3 2011 July August September Android 25 billion Gap Spam ratio malware added Email- malware Facebook Athleta reaches low of to extended malware emails in “like” fake order 74% Wildlist outbreaks one day scams malware start “map of Most spam Twitter love” emailper day: 120 notifications PHP Thumbs Facebook malware billion lead to Web explot Right-to-Left friend Lowest spam override notifications spam per used in led to day: 64 malware malware billion Source: Commtouch
  • 44. Download the complete October 2011 Internet Threats Trend Report atwww.commtouch.com/threat-report-Oct2011
  • 45. For more information contact: info@commtouch.com 650 864 2000 (Americas) +972 9 863 6895 (International) Web: www.commtouch.comBlog: http://blog.commtouch.com