Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Symantec Announces August 2010 MessageLabs Intelligence Report: Rustock whittles its bots but increases output with new tactic

August 2010 by symantec

Symantec Corp. announced the publication of its August 2010 MessageLabs Intelligence Report. Analysis reveals that the percentage of spam sent from botnets has increased to 95 percent of all spam up from 84 percent in April. Rustock remained the most dominant spam-sending botnet responsible for the majority of botnet spam, 41 percent in August up from 32 percent in April, but shrinking in the number of bots under its control from 2.5 million in April to 1.3 million in August.

“Overall, the total amount of spam in circulation is down slightly from the previous quarters as most botnets have reduced their number of bots,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services. “One exception is Rustock which has decreased its number of bots but increased its volume, more than doubling the amount of spam sent from each bot per minute resulting in a 6 percent increase in spam emails per day.”
One factor in the increased throughput from Rustock is that the botnet has stopped using TLS encryption to send spam, thus speeding up connections. At its peak in March, TLS encrypted spam accounted for 30 percent of spam from all sources and as much as 70 percent of spam from Rustock. Now that the use of TLS in spam-sending has declined, it accounts for less than 0.5 percent of all spam.

“It is likely that because TLS slow connections due to the additional encryption processing required to send a spam email, the botnet controllers realized that this tactic impeded their spam-sending capabilities,” Wood said. “As a result, Rustock’s dominance has never looked better as its spam-per-bot-per-minute rate more than doubled from 96 spam emails to 192.”

Also in August, the UK was responsible for 4.5 percent of the world’s spam, more than double the percentage in April, and the UK is now the fourth most frequent source of spam behind the US, India and Brazil. With similar increases in Germany, France and Italy, four of the top 10 spam sending countries are now found in Western Europe.

However, the US is home to the greatest number of bots, most notably Rustock, Storm and Asprox. In April 2010, seven percent of Rustock bots were located in the US. This number had doubled to 14 percent by August.
In August there were a significant number of yet-to-be classified botnets responsible for spending 17.6 percent of all spam.

“We have seen impressive activity from the usual botnet suspects,” Wood said, “and in many cases there are likely to be newer incarnations of existing botnets that have been updated and there are also likely to be some brand new botnets that are now beginning to emerge.”

Other report highlights:

Spam: In August 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 92.2 percent (1 in 1.08 emails), an increase of 3.3 percentage points since July.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 327.6 emails (0.31 percent) in August, a decrease of 0.02 percentage points since July. In August, 21.2 percent of email-borne malware contained links to malicious websites, an increase of 4.1 percentage points since July.

Endpoint Threats: Threats against endpoint devices such as laptops, PCs and servers may penetrate an organization in a number of ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Phishing: In August, phishing activity was 1 in 363.1 emails (0.275 percent) an increase of 0.10 percentage points since July.

Web security: Analysis of web security activity shows that 34.3 percent of malicious domains blocked were new in August, an increase of 3.8 percentage points since July. Additionally, 12.9% of all web-based malware blocked was new in August; a decrease of 0.2 percentage points since last month. MessageLabs Intelligence also identified an average of 3.360 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 24.1percent since July.

Geographical Trends:

• Spam levels in Hungary rose 3.3 percentage points to 96.3 percent in August positioning it as the most spammed country.

• In the US, 92.5 percent of email was spam and 91.7 percent in Canada. Spam levels in the UK were 91.9 percent.

• In the Netherlands, spam accounted for 93.5 percent of email traffic, while spam levels reached 93.0 percent in Germany, 94.9 percent in Denmark and 91.7 percent in Australia.

• Spam levels in Hong Kong reached 93.2 percent and 90.3 percent in Singapore. Spam levels in Japan were at 90.3 percent and 94.1 percent in China.

• Virus activity in Spain was 1 in 64.1 emails, making it the most targeted for email-borne malware in August.

• Virus levels for the US were 1 in 417.9 and 1 in 290.8 for Canada. In Germany, virus levels reached 1 in 281.3, 1 in 354.9 in Denmark, 1 in 461.6 for the Netherlands, 1 in 346..3 for Australia, 1 in 264.9 for Hong Kong, 1 in 493.8 for Japan and 1 in 634.6 for Singapore.

• Oman became the most targeted for phishing attacks in August with 1 in 185.3 emails comprising a phishing attack.

Vertical Trends:

• In August, the most spammed industry sector with a spam rate of 94.8 percent was the Automotive sector.

• Spam levels for the Education sector were 92.9 percent, 92.6 percent for the Chemical & Pharmaceutical sector, 92.7 percent for IT Services, 92.8 percent for Retail, 91.7 percent for Public Sector and 91.2 percent for Finance.

• In August, the Government/Public Sector became the most targeted industry for malware with 1 in 74.6 emails being blocked as malicious.

• Virus levels for the Chemical & Pharmaceutical sector were 1 in 243.2, 1 in 284.9 for the IT Services sector, 1 in 477.1 for Retail, 1 in 155.7 for Education and 1 in 215.4 for Finance.

The August 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.

The full report is available at http://www.messagelabs.com/intelligence.aspx.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts