Commtouch April 2011 Internet Threats Trend report

The Commtouch Quarterly Trends Threat Report provides insight on the latest spam, malware, phishing schemes and other web security threats. The April 2011 edition provides analysis of Internet security threats that occurred during the first quarter of 2011.

Internet Threats Trend Report
April 2011

April 2011 Threat Report
The following is a condensed version of the April 2011 Commtouch Internet Threats Trend Report
Download the complete report at www.commtouch.com/threat-report
Copyright © 2011 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.

April 2011 Threat Report
1. Key Highlights
2. Feature: The ups & downs of Spam in Q1
3. Trends: Malware, Compromised Websites, Spam and Web 2.0

Key Highlights

Key Security Highlights
- Average daily spam/phishing emails sent: 149 billion. Average daily spam was up in Q1.
- Zombie daily turnover: 258,000 zombies. Number of zombies turned off and on each day went down in Q1.
- Most popular blog topic on user generated content sites: Streaming media/downloads.
- Most popular spam topic: Pharmacy ads (28% of spam). While it was the most popular spam topic, it was down to only 28% of all spam.
- Country with the most zombies: India (17%). India remains atop the list but with just 17%.
- Website category most likely to be compromised with malware: Parked Domains. Parked Domains took over the top spot in categories likely to be compromised.

Feature: The ups & downs of spam in Q1

Q1 2011 Spam Trends
- Q1 spam levels start off low after an unusually low-spam Christmas
- Around Jan 10, 2011, spam shot up 45% (compared to previous two weeks) to pre-Christmas levels
- The increase was attributed to the resumption of activity by the Rustock botnet – primarily sending out pharmaceutical spam
- Spam stabilizes in middle of quarter
- February averages 165 billion spam emails/day (in comparison, Oct 2010 had 162 billion per day)

Q1 2011 Spam Trends
- On March 16, the Rustock botnet is taken down
- Result – dramatic 30% decrease in spam rates
Chart: Spam Levels, December 2010 - March 2011 (Source: Commtouch)

Q1 2011 Spam Trends
- Rustock takedown results in two-week drop in daily zombie turnover (25% drop)
- Large malware outbreak at the end of March results in large-scale recruitment of new zombies – more than doubling the daily turnover
Chart: Newly Activated Zombies, January - March 2011 (Source: Commtouch)

Other trends in Q1 2011: Malware

Malware Trends
- Over the last two years, virus distributors have steadily decreased their usage of email attachments as a means of malware distribution
- Web-based methods have become more common as illustrated by several of the attacks described in this report
- March Outbreak changed this – very high levels of emails with attached malware
- At its peak accounted for over 30% of all email received
- Sudden increase amounted to a 400% difference compared to the running average (see graph below)
Chart: Email-borne Malware Levels, March 2011 (Source: Commtouch)

Malware Trends
- Most of the emails in March outbreak came in the form of UPS parcel tracking information (Source: Commtouch)
- The attached zip file contained an executable, disguised with a PDF icon
- Later variations of the outbreak changed subjects to indicate DHL deliveries

Malware Trends: Analysis of Q1 Malware Outbreak
- Large speculation over reason for sudden increase in malware-laden spam
- One possible theory is the rebuilding of a botnet or new botnet after the takedown of Rustock
- Rustock takedown resulted in a 30% drop in spam

Malware Trends: Other Malware in Q1 – PDF Vulnerability
- Emails disguised as if sent from a Xerox office scanner (see example on right)
- Attached file contains JavaScript targeting vulnerabilities in PDF readers not running latest patches
- After PC exploited, the malware fetches other malware from the Internet
Source: Commtouch

Malware Trends
Other Malware in Q1 targeted
Figure below shows the flow of attack

Malware Trends
Read all the details in the complete April 2011 threat report at www.commtouch.com/threat-report
Other major malware attacks in Q1 2011:
- Kama Sutra Virus
- T-Online used for fake AV

Malware Trends
Top 10 Malware of Q1 2011 (Source: Commtouch)

Other trends in Q1 2011: Compromised Websites

Compromised Websites
Analysis of Web sites most likely to be compromised with malware or phishing
- For the first time in over a year, pornographic and sexually explicit sites have been displaced by parked domains and spam sites
- For both these types of sites, the hosting of malware may well be part of the design of such sites

Compromised Websites
Charts: Website categories infected with malware; Website categories infected with phishing
Portals category includes sites offering free homepages, which are abused to host phishing and malware content.

Compromised Websites: Trends in Compromised Websites
- Compromised websites being used to host spam product pages
- Benefits for the spammer:
  - Provides FREE hosting
  - Forum domains most likely whitelisted by many URL filtering or anti-spam engines preventing these sites and associated spam emails from being blocked

Compromised Websites: New Trend – Phishers cutting costs and streamlining
Analysis of attack on: HomeAway holiday rentals
Page source reveals filled in form data sent to “formbuddy.com”, not collected directly by the phisher
Source: Commtouch

Compromised Websites: New Trend – Phishers cutting costs and streamlining
Formbuddy collects and stores all the responses to the “form” and then emails a neat summary to the phisher
Benefits to the phisher:
- Doesn’t have to worry about creating/managing/storing back end form data collection
- Cuts costs
- Can more easily scale the harvesting of phished data

Other trends in Q1 2011: Spam Trends

Spam Trends
- Pharmacy spam remained in the top spot
- Dropped to 28% of all spam
- Down from 42% in Q4 2010
- 419 fraud, enhancements, and dating all increased
Source: Commtouch

Spam Trends: Spam Sending Domains
Commtouch monitors domains used by spammers in the “from” field of the spam emails, typically faked in order to give the impression of a reputable, genuine source.

Spam Trends: Top spam sending domains
Others:
- 10th place – ups.com: Due to the very large numbers of fake UPS notification emails sent as part of the March outbreak
- 17th place – dhl.com: Used in the later stages of the March outbreak
- 40th place – postmaster.twitter.com: Used extensively throughout Q1 to distribute fake Twitter notifications with links to pharmacy sites
Source: Commtouch

Q1 2011 Spam Trends
Zombie distribution by country in Q1 2011 (Source: Commtouch)
- India remains atop the list with 17%
- Brazil returned to second place with 12% after drop in last quarter
- Russia dropped 3% to 7%
- Vietnam moved into 3rd place
- UK, Germany and Kazakhstan all dropped out of the top 15, replaced by Peru, Colombia and Poland

Other trends in Q1 2011: Web 2.0

Web 2.0 Trends
Commtouch’s GlobalView Network tracks billions of Web browsing sessions and URL requests, and its URL Filtering service includes highly granular categorization of Web 2.0 content. In addition to filtering accuracy, this provides insight into the most popular user generated content sites.

Web 2.0 Trends: Most Popular User Generated Content Sites
Includes sites with live or archived media for download or streaming content, such as Internet radio, Internet TV or MP3 files
These blogs typically cover television, movies, and music as well as hosting celebrity fan sites and entertainment news
Source: Commtouch

Review of Q1 2011 (Source: Commtouch)

Download the complete April 2011 Internet Threats Trend Report at www.commtouch.com/threat-report

For more information contact:
info@commtouch.com
650 864 2000 (Americas)
+972 9 863 6888 (International)
Web: www.commtouch.com
Blog: http://blog.commtouch.com
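
The HomeAway phishing slide notes that the page source sends the filled-in form to formbuddy.com rather than to the phisher's own host. The following check, an added example that is not part of the Commtouch report, flags that pattern for a URL filter or analyst; the sample page, its URL, the endpoint path and the keyword list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a page on a hypothetical compromised site whose login
# form posts to formbuddy.com (endpoint path invented for this example).
PAGE_URL = "http://rentals.example.test/login.html"
PAGE_SOURCE = """
<form method="post" action="http://formbuddy.com/constructed-endpoint">
  <input type="text" name="email"><input type="password" name="password">
</form>
<form method="get" action="/search"><input type="text" name="q"></form>
"""
SENSITIVE_NAMES = ("pass", "card", "cvv", "ssn")  # assumed keyword list

class FormCollector(HTMLParser):
    """Record each <form>'s action and the (type, name) of its inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            kind = (a.get("type") or "text").lower()
            self._current["inputs"].append((kind, (a.get("name") or "").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def site(host):
    # Simplification: last two DNS labels; production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def offsite_credential_forms(page_url, html):
    """Flag forms that take sensitive input but submit to a different site."""
    parser = FormCollector()
    parser.feed(html)
    page_site = site(urlsplit(page_url).hostname or "")
    findings = []
    for form in parser.forms:
        # Empty or relative actions resolve to the page's own host.
        host = urlsplit(urljoin(page_url, form["action"])).hostname or ""
        fields = [n for t, n in form["inputs"]
                  if t == "password" or any(k in n for k in SENSITIVE_NAMES)]
        if fields and site(host) != page_site:
            findings.append({"action_host": host, "fields": fields})
    return findings
```

Legitimate sites also post to third-party form handlers, so a finding is a signal to combine with page category and sender reputation rather than a verdict on its own.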
