July 31, 2007; 05:59 AM
MessageLabs, a leading provider of integrated messaging and web security services to businesses worldwide, today announced the findings of its MessageLabs Intelligence Report for July 2007. Continuing last month's trend, spam sent as PDF attachments remained a preferred tactic for the bad guys, but MessageLabs saw increased adoption by more professional spammers who are now modifying the PDF files to bypass detection.
Approximately 20 percent of all image spam now involves PDFs. In some of the most recent examples, the PDF documents were created programmatically with document protection settings enabled -- features that make spam more likely to bypass detection by typical anti-spam scanners. MessageLabs also noted the PDFs still contained "Bayes Poison," which are long lists of randomly selected words that are unlikely to appear in a normal spam message, as an added cover to evade detection.
The PDF spammers can be placed into two categories:
-- Simple/Amateur: These spammers craft PDF documents using ordinary
tools like Microsoft Word and use the same PDF for the entire spam run.
-- Professional: More sophisticated spammers who attach a different PDF
to every spam. Each PDF is randomized and usually not text-based. Instead,
these spammers insert randomized images into PDF documents as well as use
other tactics such as random page sizes.
"Though PDF files have traditionally been a trusted type of email attachment, we are beginning to see an increase in use for sinister activity," said Mark Sunner, Chief Security Analyst, MessageLabs. "With a nearly 10 percent increase in malware this month, we believe this threat could become more malicious with the potential for spammers to embed malware in the PDFs, which would be automatically downloaded to the victim's computer."
Another significant trend this month was an increase in spam activity across the non-profit sector. Spam sent to non-profits rose by 10.3 percent since June and repositioned the vertical as the eighth most spammed sector with the greatest increase in spam across all industry sectors.
Other report highlights:
Web Security: Analysis shows that 28.3 percent of the malware intercepted in July was new, an increase of almost 10 percent since June. MessageLabs found that 89.6 percent of web viruses and 61.6 percent of spyware intercepted were considered 'Unclassified,' suggesting that the majority of these interceptions were hosted on web sites that were previously unknown and uncategorized. These 'Unclassified' sites can appear and disappear within a 24 to 48 hour timeframe and are used for disreputable purposes. An average of 989 new malicious sites were identified and blocked each day during July.
Spam: In July 2007, the global ratio of spam in email traffic from new and unknown bad sources, for which the recipient addresses were deemed valid, was 71 percent, a decrease of 1.4 percent since June. The most significant increase in spam levels occurred in China with 18.3 percent.
Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources destined for valid recipients, was 1 in 72.4 emails (1.38 percent) in July, an increase of 0.59 percent since last month.
Phishing: July showed a rise of 0.09 percent in the proportion of phishing attacks compared with the previous month. One in 111.8 (0.89 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and trojans, the quantity of phishing emails has fallen by 7.8 percent since the previous month, now accounting for 64.8 percent of malicious email traffic intercepted in July.
Geographical Trends:
-- Israel continued to have the highest spam rate this month with 60.8
percent.
-- The most significant increase in spam levels occurred in China with
18.3 percent followed by 5.9 percent in the United States.
-- India remains the region most affected by viruses with an increase of
2.08 percent, representing the greatest increase across all geographies in
July.
-- Virus levels fell in Sweden by 0.03 percent, the only country listed
to experience a drop in malware activity this month.
Vertical Trends:
-- Spam directed at the Non-Profits sector rose by 10.3 percent since
June and repositioned this vertical as the eighth most spammed sector.
-- The level of spam increased for all verticals in the top five, between
1.4 percent and 4.6 percent.
-- The largest decrease was noted for the Transport & Utility vertical,
which fell by 3.6 percent.
-- The greatest rise in virus activity during July occurred in the
Education vertical, where levels increased by 1.78 percent since June.
-- The only decrease noted was for the Finance sector, where virus levels
fell by 0.29 percent.
The July 2007 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx.
MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.
About MessageLabs
MessageLabs is a leading provider of integrated messaging and web security services, with over 15,000 clients ranging from small business to the Fortune 500 located in more than 80 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.
These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit www.messagelabs.com.
|
PRESS BY MONTH
EDITOR'S DESK
SUBMIT PRESS
