Symantec Intelligence Report July 2011

The July 2011 Symantec Intelligence Report reveals a significant increase in activity related to what may be described as an aggressive and rapidly changing form of generic polymorphic malware. With one in 280.9 emails identified as malicious in July, the rise accounted for 23.7 percent of all email-borne malware intercepted in July, more than double the same figure six months ago, indicating a much more aggressive strategy on the part of the cyber criminals responsible.


Symantec Intelligence Report July 2011 Presentation Transcript

  • 1. Symantec Intelligence Report July 2011 (Symantec Intelligence)
  • 2. New: The Symantec Intelligence Report
      The new Symantec Intelligence Report combines the best research and analysis from Symantec:
      • Symantec.cloud MessageLabs Intelligence Report
      • Symantec State of Spam & Phishing Report
      The integrated Symantec Intelligence Report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team.
  • 3. July 2011 Highlights
      • Spam – 77.8% in July
      • Phishing – One in 319.3 emails identified as phishing
      • Malware – One in 280.9 emails in July contained malware
      • Malicious Web sites – 6,797 Web sites blocked per day
      • 35.9% of all malicious domains blocked were new in July
      • 21.1% of all Web-based malware blocked was new in July
      • Aggressively unstable malware leads to a rise in sophisticated socially engineered attacks
      • Phishers’ World in Your Cell Phone
      • Large scale malware attack using URL shortening services
      • Best Practices for Enterprises and Users
  • 4. Spam Rate & Sources
  • 5. Spam Attack Vectors
  • 6. Top Ten Spam-Sending Botnets (relative volumes) Since March 2011
  • 7. Most Active Spam-Sending Botnets
      Botnet | % of spam | Spam/day | Spam/min | Spam/bot/min | Estimated botnet size | Country of Infection
      Cutwail | 16.1% | 9,609,745,048 | 6,673,434 | 77 | 800k to 1200k | India (10%), Russia (9%), Brazil (8%)
      Xarvester | 6.7% | 4,002,042,186 | 2,779,196 | 455 | 57k to 86k | United Kingdom (18%), France (13%), Italy (9%)
      Maazben | 3.1% | 1,872,408,382 | 1,300,284 | 14 | 520k to 780k | Rep. of Korea (14%), Russia (10%), India (10%)
      Lethic | 3.1% | 1,824,416,511 | 1,266,956 | 45 | 230k to 340k | Rep. of Korea (25%), Russia (15%), Ukraine (7%)
      Grum | 3.0% | 1,801,605,428 | 1,251,115 | 140 | 200k to 290k | Russia (14%), India (14%), Ukraine (8%)
      Bagle | 2.7% | 1,599,896,533 | 1,111,039 | 58 | 140k to 200k | India (15%), Russia (1%), Argentina (8%)
      Fivetoone | 2.3% | 1,400,401,724 | 972,501 | 98 | 94k to 140k | Vietnam (20%), Brazil (12%), Indonesia (11%)
      Festi | 1.2% | 691,992,804 | 480,551 | 166 | 25k to 37k | India (10%), Vietnam (10%), Brazil (9%)
      Bobax | 0.4% | 254,229,254 | 176,548 | 24 | 80k to 120k | Ukraine (27%), India (18%), Russia (18%)
      DarkMailer | 0.5% | 42,575,225 | 29,566 | 351 | 1k to 1.5k | France (27%), USA (16%), Germany (13%)
      Other, smaller Botnets | 0.5% | 22,277,510 | 15,470 | 321 | 62k to 95k |
      Unnamed Botnets | 36.9% | 21,962,912,697 | 15,252,023 | 196 | 660k to 990k |
      Total Botnet Spam | 76.6% | 45,084,503,302 | 31,308,683 | 162 | |
      Non-botnet spam | 23.4% | 3,411,165,479 | 2,368,865 | | |
      Grand Total | | 48,495,668,780 | 33,677,548 | | |
  • 8. Global Spam Categories
      Category Name | June 2011 | July 2011
      Pharmaceutical | 40.0% | 47.0%
      Adult/Sex/Dating | 19.0% | 14.5%
      Jobs/Recruitments | - | 10.5%
      Watches/Jewelry | 17.5% | 7.5%
      Unsolicited Newsletters | 11.5% | 7.5%
      Casino/Gambling | 7.0% | 3.5%
      Degrees/Diplomas | 1.5% | 2.5%
      Unknown/Other | 2.5% | 2.0%
  • 9. Spam Subject Line Analysis
      Rank | Total Spam: June 2011 Top Subject Lines | No. of Days | Total Spam: July 2011 Top Subject Lines | No. of Days
      1 | Blank Subject line | 31 | drop me a line | 31
      2 | Re: Windows 7, Office 2010, Adobe CS5 … | 16 | r u online now? | 16
      3 | im online now | 31 | hi darling.. | 31
      4 | my new pics :) | 31 | new email | 31
      5 | drop me a line | 31 | found you :) | 31
      6 | r u online now? | 31 | im online now | 31
      7 | hi darling.. | 31 | my new pics :) | 31
      8 | new email | 31 | my new email | 31
      9 | found you :) | 31 | my hot pics :) | 31
      10 | my hot pics :) | 31 | Im online now… | 31
  • 10. Additional Spam Metrics
      Spam URL TLD Distribution
      TLD | June | July | Change (% points)
      com | 53.4% | 54.9% | +0.5
      ru | 19.2% | 10.6% | -8.6
      info | 14.9% | 18.3% | +3.4
      net | 5.5% | 6.2% | +0.7
      Average Spam Message Size
      Message Size | June | July | Change (% points)
      0Kb – 5Kb | 62.3% | 65.1% | +2.8
      5Kb – 10Kb | 24.2% | 21.2% | -3.0
      >10Kb | 13.4% | 13.7% | +0.3
  • 11. Virus Rate
  • 12. Generic polymorphic malware and executable attachment malware
  • 13. Copies intercepted of each new polymorphic strain on 18 July 2011
  • 14. Most Frequently Blocked Email Malware
      Malware Name | % Malware
      W32/Bredolab.gen!eml | 3.9%
      Gen:Trojan.Heur.FU.bqW | 5.7%
      W32/NewMalware!836b | 2.3%
      Exploit/Link-7707 | 2.2%
      Exploit/Link-48cc | 2.1%
      Exploit/LinkAliasPostcard-b11e | 1.9%
      W32/Netsky.c-mm | 1.6%
      Exploit/LinkAliasPostcard-f837 | 1.5%
      W32/Generic-bbc5-0e41 | 1.3%
      Exploit/Link-ExeSpoof | 1.2%
  • 15. Phishing Rate & Sources
  • 16. Tactics of Phishing Distribution
  • 17. Organizations Spoofed in Phishing Attacks, by Industry Sector
  • 18. New Malware and Spyware Sites Per Day
  • 19. Policy, Malware & Potentially Unwanted Programs
  • 20. Most Frequently Blocked Malware at the Endpoint
      Malware Name | % Malware
      W32.Ramnit!html | 9.60%
      W32.Sality.AE | 8.83%
      Trojan.Bamital | 8.33%
      W32.Ramnit.B!inf | 7.43%
      W32.Downadup.B | 3.65%
      W32.Almanahe.B!inf | 2.68%
      W32.Virut.CF | 2.68%
      W32.SillyFDC | 2.06%
      Trojan.ADH | 1.80%
      W32.Mabezat.B | 1.78%
      [1] For further information on these threats, please visit: http://www.symantec.com/business/security_response/landing/threats.jsp