Commtouch october 2012 internet threats trend report

Commtouch’s quarterly Internet Threats Trend Report covers Web threats, phishing, malware, and spam. The October 2012 report describes the growing menace of Android malware as shown by attacks that exclusively targeted the Google OS. The convincingly named “update” app provided its distributors with a platform for a mobile Android botnet or a vehicle for theft of corporate data.
July provided yet another botnet takedown – this time the Grum spam botnet. Although spam and zombie levels appeared to drop, the effect proved to be temporary. Spammers rallied quickly to recruit new zombies and resume spam-sending operations within a matter of days. The October Trend Report also covers Olympic Games scams, careless spammers, and the “calling card” that one malware gang keeps using.

Published in: Technology

  1. Internet Threats Trend Report, October 2012
  2. October 2012 Threat Report
     The following is a condensed version of the October 2012 Commtouch Internet Threats Trend Report. You can download the complete report at http://www.commtouch.com/threat-report-oct-2012
     Copyright © 2012 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
  3. Key Security Highlights
  4. Malware Trends
  5. Android Malware
     • Android malware continues to grow – both in volume and in the number of variants
     • One attack made use of compromised email accounts to send simple one-link emails (in the past these were usually links to spam)
     • In this case the malware URLs only worked for Android devices
  6. Android Malware
     • The downloaded file “update.apk” (.apk is a packaged Android app) requires the user to activate the installation
     • Malware could work as a proxy to steal data from devices on corporate VPNs
     • Alternatively, the network access would allow communication with botnet command and control servers
  7. Groupon Malware Deals Android Malware
     • Authentic Groupon formatting
     • Malware attachment extracts to “Coupon gift.exe”
     • Commtouch’s Antivirus identifies the malware as W32/Trojan3.DWY
     • Only 30% of the 41 engines on VirusTotal detected the malware within a few hours of the attack
  8. Attached-malware levels
  9. Top 10 Malware of Q3 2012
     Rank  Malware name
     1     SWF-malform-1
     2     W32/Ramnit.Q
     3     W32/Conficker!Generic
     4     W32/Mabezat.A-2
     5     W32/Agent.PJ.gen!Eldorado
     6     CVE-2010-3333
     7     W32/MyWeb.D@adw
     8     W32/Injector.A.gen!Eldorado
     9     W32/Mabezat.A-1
     10    W32/Tenga.3666
  10. Spam Trends
  11. Grum Botnet Takedown
     • Reported near end-July
     • The takedown was the effort of FireEye, assisted by Spamhaus and other industry experts and network operators
     • Immediate effect was the lowest spam per single day in the last 3 years (near 51 billion messages)
     • However, spam levels returned to average numbers almost immediately
  12. Spam Percentage
     • Spam averaged 74% of all emails sent during the quarter, a decrease of 2% from Q2
  13. Spam Zombies
     • The number of zombies activated on the reported day of the Grum takedown was the lowest of the quarter
     • Note the ramp-up of daily activated zombies in the 2 weeks following the takedown
     • Average turnover: 304,000 newly activated each day for sending spam (minor increase from Q2 2012)
  14. Spam Templates
     • Example from August
     • Spammers mistakenly leave script text inside sent emails
     • Text gives us an idea of how a template with variations is built
     • Designed to outwit spam filters
  15. Spam Topics Cloud
     • Frequently occurring terms printed in proportionally larger text
  16. Spam Topics
     • Pharmacy spam dropped nearly 10% this quarter but remained the most common spam subject
     • Enhancer spam gained almost 10% and replica-themed spam dropped almost 5% to be only the 5th most popular topic
  17. Olympic Games Scams
     • The Olympic Games (July and August) proved to be a very popular theme for 419 scams during the quarter
     • Most scams promised money from Olympics-related lotteries
     • Other emails offered Games-related merchandise for large fees or offered recipients interesting Olympic job opportunities (in exchange for “processing” fees)
  18. Web Trends
  19. Wells Fargo attack uses hacked sites
     • Phony Wells Fargo emails link to compromised sites
     • Sites redirect to destination malware store
     • Blackhole Exploit Kit, in the form of obfuscated JavaScript on the final destination page, assesses the exploitable versions of various browsers and add-ons and executes appropriate payloads that start a process of downloading further malware onto the victim’s computer
  20. Web categories: malware
     • Analysis of which categories of legitimate Web sites were most likely to be hiding malware pages (usually without the knowledge of the site owner)
     • Education category on top again
     Rank  Category
     1     Education
     2     Shopping
     3     Sports
     4     Business
     5     Entertainment
     6     Restaurants & Dining
     7     Travel
     8     Health & Medicine
     9     Streaming Media & Downloads
     10    Leisure & Recreation
  21. Web categories: phishing
     • Analysis of which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner)
     • Portals (offering free website hosting) remained at the highest position
     Rank  Category
     1     Portals
     2     Education
     3     Arts Sports
     4     Shopping
     5     Business
     6     Real Estate
     7     Leisure & Recreation
     8     Travel
     9     Computers & Technology
     10    Health & Medicine
  22. Zombie Hotspots
  23. Zombie Hotspots
     • India still hosts over 20% of the world’s spam-sending zombies
     • Morocco and Saudi Arabia dropped out of the top 15 – replaced by Spain and Colombia
  24. October 2012 Threat Report
     You can download the complete report at http://www.commtouch.com/threat-report-oct-2012
     Copyright © 2012 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
  25. For more information contact:
     • info@commtouch.com
     • 650 864 2000 (Americas)
     • +972 9 863 6895 (International)
     • Web: www.commtouch.com
     • Blog: http://blog.commtouch.com
