Symantec Intelligence Report July 2011
 


The July 2011 Symantec Intelligence Report from Symantec reveals a significant increase in activity related to what may be described as an aggressive and rapidly changing form of generic polymorphic malware. With one in 280.9 emails identified as malicious in July, the rise accounted for 23.7 percent of all email-borne malware intercepted in July. That is more than double the same figure six months ago, indicating a much more aggressive strategy on the part of the cyber criminals responsible.

    Symantec Intelligence Report July 2011: Presentation Transcript

    • Symantec Intelligence Report July 2011 (Symantec Intelligence)
    • New: The Symantec Intelligence Report
      The new Symantec Intelligence Report combines the best research and analysis from Symantec:
      • Symantec.cloud MessageLabs Intelligence Report
      • Symantec State of Spam & Phishing Report
      The Symantec Intelligence Report integrated report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team.
    • July 2011 Highlights
      • Spam – 77.8% in July
      • Phishing – One in 319.3 emails identified as phishing
      • Malware – One in 280.9 emails in July contained malware
      • Malicious Web sites – 6,797 Web sites blocked per day
      • 35.9% of all malicious domains blocked were new in July
      • 21.1% of all Web-based malware blocked was new in July
      • Aggressively unstable malware leads to a rise in sophisticated socially engineered attacks
      • Phishers’ World in Your Cell Phone
      • Large scale malware attack using URL shortening services
      • Best Practices for Enterprises and Users
    • Spam Rate & Sources
    • Spam Attack Vectors
    • Top Ten Spam-Sending Botnets (relative volumes) Since March 2011
    • Most Active Spam-Sending Botnets

      | Botnet | % of spam | Spam/day | Spam/min | Spam/bot/min | Estimated botnet size | Country of Infection |
      |---|---|---|---|---|---|---|
      | Cutwail | 16.1% | 9,609,745,048 | 6,673,434 | 77 | 800k to 1200k | India (10%), Russia (9%), Brazil (8%) |
      | Xarvester | 6.7% | 4,002,042,186 | 2,779,196 | 455 | 57k to 86k | United Kingdom (18%), France (13%), Italy (9%) |
      | Maazben | 3.1% | 1,872,408,382 | 1,300,284 | 14 | 520k to 780k | Rep. of Korea (14%), Russia (10%), India (10%) |
      | Lethic | 3.1% | 1,824,416,511 | 1,266,956 | 45 | 230k to 340k | Rep. of Korea (25%), Russia (15%), Ukraine (7%) |
      | Grum | 3.0% | 1,801,605,428 | 1,251,115 | 140 | 200k to 290k | Russia (14%), India (14%), Ukraine (8%) |
      | Bagle | 2.7% | 1,599,896,533 | 1,111,039 | 58 | 140k to 200k | India (15%), Russia (1%), Argentina (8%) |
      | Fivetoone | 2.3% | 1,400,401,724 | 972,501 | 98 | 94k to 140k | Vietnam (20%), Brazil (12%), Indonesia (11%) |
      | Festi | 1.2% | 691,992,804 | 480,551 | 166 | 25k to 37k | India (10%), Vietnam (10%), Brazil (9%) |
      | Bobax | 0.4% | 254,229,254 | 176,548 | 24 | 80k to 120k | Ukraine (27%), India (18%), Russia (18%) |
      | DarkMailer | 0.5% | 42,575,225 | 29,566 | 351 | 1k to 1.5k | France (27%), USA (16%), Germany (13%) |
      | Other, smaller Botnets | 0.5% | 22,277,510 | 15,470 | 321 | 62k to 95k | |
      | Unnamed Botnets | 36.9% | 21,962,912,697 | 15,252,023 | 196 | 660k to 990k | |
      | Total Botnet Spam | 76.6% | 45,084,503,302 | 31,308,683 | 162 | | |
      | Non-botnet spam | 23.4% | 3,411,165,479 | 2,368,865 | | | |
      | Grand Total | | 48,495,668,780 | 33,677,548 | | | |
    • Global Spam Categories

      | Category Name | June 2011 | July 2011 |
      |---|---|---|
      | Pharmaceutical | 40.0% | 47.0% |
      | Adult/Sex/Dating | 19.0% | 14.5% |
      | Jobs/Recruitments | - | 10.5% |
      | Watches/Jewelry | 17.5% | 7.5% |
      | Unsolicited Newsletters | 11.5% | 7.5% |
      | Casino/Gambling | 7.0% | 3.5% |
      | Degrees/Diplomas | 1.5% | 2.5% |
      | Unknown/Other | 2.5% | 2.0% |
    • Spam Subject Line Analysis

      | Rank | Total Spam: June 2011 Top Subject Lines | No. of Days | Total Spam: July 2011 Top Subject Lines | No. of Days |
      |---|---|---|---|---|
      | 1 | Blank Subject line | 31 | drop me a line | 31 |
      | 2 | Re: Windows 7, Office 2010, Adobe CS5 … | 16 | r u online now? | 16 |
      | 3 | im online now | 31 | hi darling.. | 31 |
      | 4 | my new pics :) | 31 | new email | 31 |
      | 5 | drop me a line | 31 | found you :) | 31 |
      | 6 | r u online now? | 31 | im online now | 31 |
      | 7 | hi darling.. | 31 | my new pics :) | 31 |
      | 8 | new email | 31 | my new email | 31 |
      | 9 | found you :) | 31 | my hot pics :) | 31 |
      | 10 | my hot pics :) | 31 | Im online now… | 31 |
    • Additional Spam Metrics

      Spam URL TLD Distribution

      | TLD | June | July | Change (% points) |
      |---|---|---|---|
      | com | 53.4% | 54.9% | +0.5 |
      | ru | 19.2% | 10.6% | -8.6 |
      | info | 14.9% | 18.3% | +3.4 |
      | net | 5.5% | 6.2% | +0.7 |

      Average Spam Message Size

      | Message Size | June | July | Change (% points) |
      |---|---|---|---|
      | 0Kb – 5Kb | 62.3% | 65.1% | +2.8 |
      | 5Kb – 10Kb | 24.2% | 21.2% | -3.0 |
      | >10Kb | 13.4% | 13.7% | +0.3 |
    • Virus Rate
    • Generic polymorphic malware and executable attachment malware
    • Copies intercepted of each new polymorphic strain on 18 July 2011
    • Most Frequently Blocked Email Malware

      | Malware Name | % Malware |
      |---|---|
      | W32/Bredolab.gen!eml | 3.9% |
      | Gen:Trojan.Heur.FU.bqW | 5.7% |
      | W32/NewMalware!836b | 2.3% |
      | Exploit/Link-7707 | 2.2% |
      | Exploit/Link-48cc | 2.1% |
      | Exploit/LinkAliasPostcard-b11e | 1.9% |
      | W32/Netsky.c-mm | 1.6% |
      | Exploit/LinkAliasPostcard-f837 | 1.5% |
      | W32/Generic-bbc5-0e41 | 1.3% |
      | Exploit/Link-ExeSpoof | 1.2% |
    • Phishing Rate & Sources
    • Tactics of Phishing Distribution
    • Organizations Spoofed in Phishing Attacks, by Industry Sector
    • New Malware and Spyware Sites Per Day
    • Policy, Malware & Potentially Unwanted Programs
    • Most Frequently Blocked Malware at the Endpoint

      | Malware Name | % Malware |
      |---|---|
      | W32.Ramnit!html | 9.60% |
      | W32.Sality.AE | 8.83% |
      | Trojan.Bamital | 8.33% |
      | W32.Ramnit.B!inf | 7.43% |
      | W32.Downadup.B | 3.65% |
      | W32.Almanahe.B!inf | 2.68% |
      | W32.Virut.CF | 2.68% |
      | W32.SillyFDC | 2.06% |
      | Trojan.ADH | 1.80% |
      | W32.Mabezat.B | 1.78% |

      [1] For further information on these threats, please visit: http://www.symantec.com/business/security_response/landing/threats.jsp