Symantec Intelligence Report July 2011

Symantec Intelligence Report July 2011Symantec Intelligence 1

New: The Symantec Intelligence ReportThe new Symantec Intelligence Report combines the bestresearch and analysis from Symantec:• Symantec.cloud MessageLabs Intelligence Report• Symantec State of Spam & Phishing ReportThe Symantec Intelligence Report integrated report provides thelatest analysis of cyber security threats, trends and insights fromthe Symantec Intelligence teamSymantec Intelligence 2

July 2011 Highlights• Spam – 77.8% in July• Phishing – One in 319.3 emails identified as phishing• Malware – One in 280.9 emails in July contained malware• Malicious Web sites – 6,797 Web sites blocked per day• 35.9% of all malicious domains blocked were new in July• 21.1% of all Web-based malware blocked was new in July• Aggressively unstable malware leads to a rise in sophisticated socially engineered attacks• Phishers’ World in Your Cell Phone• Large scale malware attack using URL shortening services• Best Practices for Enterprises and UsersSymantec Intelligence 3

Spam Rate & Sources 4

Spam Attack VectorsSymantec Intelligence 5

Top Ten Spam-Sending Botnets (relative volumes)Since March 2011Symantec Intelligence 6

Most Active Spam-Sending Botnets Spam % of /bot estimated Botnet spam spam/day spam/min /min botnet size Country of Infection Cutwail 16.1% 9,609,745,048 6,673,434 77 800k to India (10%), Russia (9%), Brazil (8%) 1200k Xarvester 6.7% 4,002,042,186 2,779,196 455 57k to 86k United Kingdom (18%), France (13%), Italy (9%) Maazben 3.1% 1,872,408,382 1,300,284 14 520k to Rep. of Korea (14%), Russia (10%), India (10%) 780k Lethic 3.1% 1,824,416,511 1,266,956 45 230k to Rep. of Korea (25%), Russia (15%), Ukraine (7%) 340k Grum 3.0% 1,801,605,428 1,251,115 140 200k to Russia (14%), India (14%), Ukraine (8%) 290k Bagle 2.7% 1,599,896,533 1,111,039 58 140k to India (15%), Russia (1%), Argentina (8%) 200k Fivetoone 2.3% 1,400,401,724 972,501 98 94k to 140k Vietnam (20%), Brazil (12%), Indonesia (11%) Festi 1.2% 691,992,804 480,551 166 25k to 37k India (10%), Vietnam (10%), Brazil (9%) Bobax 0.4% 254,229,254 176,548 24 80k to 120k Ukraine (27%), India (18%), Russia (18%) DarkMailer 0.5% 42,575,225 29,566 351 1k to 1.5k France (27%), USA (16%), Germany (13%) Other, smaller 0.5% 22,277,510 15,470 321 62k to 95k Botnets Unnamed Botnets 36.9% 21,962,912,697 15,252,023 196 660k to 990k Total Botnet Spam 76.6% 45,084,503,302 31,308,683 162 Non-botnet spam 23.4% 3,411,165,479 2,368,865 Grand Total 48,495,668,780 33,677,548Symantec Intelligence 7

Global Spam Categories Category Name June 2011 July 2011 Pharmaceutical 40.0% 47.0% Adult/Sex/Dating 19.0% 14.5% Jobs/Recruitments - 10.5% Watches/Jewelry 17.5% 7.5% Unsolicited Newsletters 11.5% 7.5% Casino/Gambling 7.0% 3.5% Degrees/Diplomas 1.5% 2.5% Unknown/Other 2.5% 2.0%Symantec Intelligence 8

Spam Subject Line Analysis No. No. Total Spam: June 2011 Top of Total Spam: July 2011 Top Subject of Rank Subject Lines Days Lines Days 1 Blank Subject line 31 drop me a line 31 Re: Windows 7, Office 2010, 2 16 r u online now? 16 Adobe CS5 … 3 im online now 31 hi darling.. 31 4 my new pics :) 31 new email 31 5 drop me a line 31 found you :) 31 6 r u online now? 31 im online now 31 7 hi darling.. 31 my new pics :) 31 8 new email 31 my new email 31 9 found you :) 31 my hot pics :) 31 10 my hot pics :) 31 Im online now… 31Symantec Intelligence 9

Additional Spam MetricsSpam URL TLD Distribution ChangeTLD June July (% points)com 53.4% 54.9% +0.5ru 19.2% 10.6% -8.6info 14.9% 18.3% +3.4net 5.5% 6.2% +0.7 Average Spam Message Size ChangeMessage Size June July (% points)0Kb – 5Kb 62.3% 65.1% +2.85Kb – 10Kb 24.2% 21.2% -3.0>10Kb 13.4% 13.7% +0.3Symantec Intelligence 10

Virus RateSymantec Intelligence 11

Generic polymorphic malware and executableattachment malwareSymantec Intelligence 12

Copies intercepted of each new polymorphic strain on18 July 2011Symantec Intelligence 13

Most Frequently Blocked Email Malware Malware Name % Malware W32/Bredolab.gen!eml 3.9% Gen:Trojan.Heur.FU.bqW 5.7% W32/NewMalware!836b 2.3% Exploit/Link-7707 2.2% Exploit/Link-48cc 2.1% Exploit/LinkAliasPostcard-b11e 1.9% W32/Netsky.c-mm 1.6% Exploit/LinkAliasPostcard-f837 1.5% W32/Generic-bbc5-0e41 1.3% Exploit/Link-ExeSpoof 1.2%Symantec Intelligence 14

Phishing Rate & Sources 15

Tactics of Phishing DistributionSymantec Intelligence 16

Organizations Spoofed in Phishing Attacks, by IndustrySectorSymantec Intelligence 17

New Malware and Spyware Sites Per DaySymantec Intelligence 18

Policy, Malware & Potentially Unwanted ProgramsSymantec Intelligence 19

Most Frequently Blocked Malware at the Endpoint Malware Name % Malware W32.Ramnit!html 9.60% W32.Sality.AE 8.83% Trojan.Bamital 8.33% W32.Ramnit.B!inf 7.43% W32.Downadup.B 3.65% W32.Almanahe.B!inf 2.68% W32.Virut.CF 2.68% W32.SillyFDC 2.06% Trojan.ADH 1.80% W32.Mabezat.B 1.78% [1] For further information on these threats, please visit: http://www.symantec.com/business/security_response/landing/threats.jspSymantec Intelligence 20

Symantec Intelligence Report July 2011

by Symantec

Accessibility

Categories

Upload Details

Usage Rights

Statistics

Symantec Intelligence Report July 2011 Presentation Transcript