commtouch april 2013 internet threats trend report
Post on 19-Oct-2014
2.552 views
DESCRIPTION
Commtouch’s quarterly Internet Threats Trend Report covers Web threats, phishing, malware, and spam. The first quarter of 2013 saw significant growth in unwanted and dangerous emails with a significant spike in levels occurring in March. The spike affected spam and phishing as well as malware emails. Pump and dump spam made a massive comeback. Spammers and particularly malware senders increasingly exploited current news events in their campaigns. In Web security, the first quarter of 2013 saw extensive use made of the Blackhole exploit kit.TRANSCRIPT
1 | Trend Report Overview Real Security. In Real Time.
Internet Threats Trend Report
April 2013
2 | Trend Report Overview Real Security. In Real Time.
The following is a condensed version of the April 2013 Commtouch Internet Threats Trend Report
You can download the complete report athttp://www.commtouch.com/threat-report-april-2013
Copyright© 2013 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
April 2013 Threat Report
Spam Trends
4 | Trend Report Overview Real Security. In Real Time.
Average 97.4 billion spam emails sent worldwide each day In March average rose to 117.8 billion
• March: 78.1 percent of all email were spam, a significant increase from January when the spam share was as low as 60 percent
Spam levels
5 | Trend Report Overview Real Security. In Real Time.
Spammers use current news topics of the day to lure recipients into opening messages or clicking on links
• Examples: New Pope election, Cyprus financial crisis
Event related spam
6 | Trend Report Overview Real Security. In Real Time.
Re-emergence of pump and dump or penny stock spam• 43% in Q1
(part of “other” category)
Spam Topics
7 | Trend Report Overview Real Security. In Real Time.
Origins of spam
Zombie Trends
9 | Trend Report Overview Real Security. In Real Time.
Not related to spam zombie levels• Daily levels were basically constant during the attacks• Reports suggested that the attack was the work of one or more
organizations who resented their inclusion in one or more of the Spamhaus blocklists
Spamhaus DDoS attack
10 | Trend Report Overview Real Security. In Real Time.
India still hosts over 12% of the world’s spam sending zombies
• Zombie distribution was dominated by Asia (the top three and five out of the top ten), South America (three) and Eastern Europe (two).
Zombie Hotspots
Malware Trends
12 | Trend Report Overview Real Security. In Real Time.
Q1 average: 973 million malware emails sent each day• In March, volume rose by 75.1 percent compared to February
More localized email-malware campaigns• Eg: Zalando, hotel.de, flugladen.de
Email-attached-malware levels
13 | Trend Report Overview Real Security. In Real Time.
Single link emails sent from the compromised Yahoo accounts
Links lead to compromised websites which redirect to “distribution sites”
Distribution sites direct the visitor based on the browser type PC visitors sent to diet scam pages
Android targeted attacks (1)
14 | Trend Report Overview Real Security. In Real Time.
Android visitors sent to malware download page
Commtouch’s Antivirus detects malware: AndroidOS/NotCom.A
• Acts as a proxy so it’s able to transmit and receive network data through the infected android device. This means it can steal all kinds of sensitive data sent or received through the device network connection
Android targeted attacks (2)
Web Security Trends
16 | Trend Report Overview Real Security. In Real Time.
The first quarter of 2013 saw extensive use made of the Blackhole exploit kit.
• The JavaScript on the page scans the visiting system to determine the versions of popular and operating system software such as Adobe Flash, Adobe Reader, Java, Windows, and browsers.
• Once the kit has determined that there is vulnerability – for example, in an older version of Adobe Flash found on the visiting system – the relevant exploit is loaded allowing the controller to gain a foothold on the infected system.
• Finally the Blackhole controller, having gained control of the visitor, can now deliver further malicious content. This could include a wide range of badware such as fake AV, ransomware, or logging software to steal banking and Web credentials.
Blackhole exploit kit (1)
17 | Trend Report Overview Real Security. In Real Time.
A range of emails were used to drive recipients to Blackhole hosting sites
Blackhole exploit kit (2)
18 | Trend Report Overview Real Security. In Real Time.
Rank Category Rank Category
1 Education 6 Health & Medicine
2 Business 7 Transportation
3 Travel 8 Leisure & Recreation
4 Sports
9Pornography/Sexually explicit
5 Entertainment 10 Free Web Pages
Analysis of which categories of legitimate Web sites were most likely to be hiding malware pages (usually without the knowledge of the site owner)
Education category on top again
Web categories: malware
19 | Trend Report Overview Real Security. In Real Time.
Rank Category Rank Category
1 Free Web Pages Portals 6 Shopping
2 Education 7 Travel
3 Computers & Technology 8 Real Estate
4 Business 9 Streaming Media
5 Sports 10 Health & Medicine
Analysis of which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner)
Portals (offering free website hosting) remained at the highest position
Web categories: phishing
Further Info
21 | Trend Report Overview Real Security. In Real Time.
You can download the complete report athttp://www.commtouch.com/threat-report-april-2013
22 | Trend Report Overview Real Security. In Real Time.
For more information contact:[email protected] 888 974 5805 (Americas)+49 30 5200 560 (EMEA) +972 9 863 6888 (APAC)
Web: www.commtouch.comBlog: http://blog.commtouch.com