Symantec Intelligence Report

    February 2012


Symantec Intelligence              1
February 2012 – Report Highlights
• Spam – 68.0 percent (a decrease of 1.0 percentage points since January 2011)
• Phishing – One in 358.1 emails identified as phishing (an increase of 0.01 percentage points since January 2011)
• Malware – One in 274.0 emails contained malware (an increase of 0.03 percentage points since January 2011)
• Malicious Web sites – 2,305 Web sites blocked per day (an increase of 9.7 percent since January 2011)
• New wave of cyber-attacks designed to impersonate the Better Business Bureau
• Blogs review
• Best Practices for Enterprises and Users

Spam Rate & Sources
Additional Spam Metrics
 Global Spam Categories

      Category Name                   February 2012   January 2011
      Adult/Sex/Dating                        43.0%          22.5%
      Pharmaceutical                          30.5%          38.0%
      Watches/Jewelry                          9.0%          27.5%
      Weight Loss                              4.5%           3.5%
      Unknown/Other                            2.5%           1.5%
      Software                                 2.0%           0.5%
      Jobs/Recruitments                        1.5%           0.5%
      Malware                                  1.5%          <0.5%
      Scams/Fraud/419                          1.5%           0.5%
      Unsolicited Newsletters                  1.0%           2.5%
      Casino/Gambling                          1.0%           2.0%
      Phishing                                 1.0%          <0.5%
      Degrees/Diplomas                         0.5%           0.5%

 Size of Spam Messages

      Message Size                    February 2012   January 2011
      0Kb – 5Kb                               58.6%          55.7%
      5Kb – 10Kb                              26.1%          30.5%
      >10Kb                                   15.2%          13.8%

 Spam Attack Vectors




Phishing Rate & Sources




Additional Phishing Metrics
 Geographic Location of Phishing Web Sites




Additional Phishing Metrics
  Tactics of Phishing Distribution




  Organizations Spoofed in Phishing Attacks, by Industry




Email Malware Rate




Additional Malware Metrics
  Frequently Blocked Email-borne Malware


      Malware Name                                % Malware
      Exploit/SpoofBBB                                5.22%
      W32/Bredolab.gen!eml.j                          4.62%
      Exploit/Link-generic-ee68                       4.21%
      Trojan.Bredolab                                 3.37%
      Exploit/LinkAliasPostcard-4733                  3.05%
      VBS/Generic                                     2.25%
      Exploit/FakeAttach                              2.10%
      Exploit/Link-5434                               1.84%
      Packed.Generic.349                              1.68%
      Trojan.Bredolab!eml-30e2                        1.62%



     NB: 27.4 percent of email-borne malware contained links to malicious Web sites




Web-based Malware Analysis
  Malware and Spyware Sites Blocked Per Day




   Web Policy Risks from Inappropriate Use




Most Frequently Blocked Malware at the Endpoint
  Frequently Blocked Malware by Endpoint Security


     Malware Name*                                          % Malware
     WS.Trojan.H                                               28.05%
     W32.Sality.AE                                              4.38%
     W32.Downadup.B                                             3.53%
     W32.Ramnit.B!inf                                           3.43%
     W32.Ramnit!html                                            3.18%
     Trojan.Maljava                                             2.92%
     W32.Ramnit.B                                               2.80%
     Trojan.ADH.2                                               2.39%
     Trojan.Malscript!html                                      1.89%
     Trojan.ADH                                                 1.49%

    NB: Approximately 17.1 percent of the most frequently blocked malware last month was
    identified and blocked using generic detection.


  *For further information on these threats, please visit:
  http://www.symantec.com/business/security_response/landing/threats.jsp

Where to next?
• Web:
    –   www.symanteccloud.com/intelligence
    –   www.symantec.com/spam
    –   www.symantec.com/alert
    –   www.facebook.com/symantec


• Intranet
    – syminfo.ges.symantec.com/hostedservices


• Twitter:
    – @symantec
    – @symanteccloud
    – @threatintel

