Symantec Announces July 2011 Symantec Intelligence Report

Aggressive use of rapidly changing malware leads to rise in
sophisticated socially engineered attacks; twist in phishing attacks
baits mobile phone users

TORONTO, ON - July 26, 2011 - Symantec Corp. (Nasdaq: SYMC) today
announced the publication of its July 2011 Symantec Intelligence
Report <http://bit.ly/nBNz1n>, now combining the best research and
analysis from the Symantec.cloud MessageLabs Intelligence Report
<http://bit.ly/nYxPUj> and the Symantec State of Spam & Phishing
Report. This month's analysis reveals a significant increase in
activity related to what may be described as an aggressive and rapidly
changing form of generic polymorphic[1] malware. With one in 280.9
emails identified as malicious in July, the rise accounted for 23.7
percent of all email-borne malware intercepted in July; more than
double the same figure six months ago, indicating a much more
aggressive strategy on the part of the cyber criminals responsible.

"The number of variants, or different strains of malware involved in
each attack has grown dramatically, by a factor of 25 times, when
compared to the previous six months.  This is a disturbing
proliferation in such a short time, increasing the risk profiles of
many organizations as these new strains are much harder to detect
using traditional security defenses," said Paul Wood, senior
intelligence analyst, Symantec.cloud.

The report shows that the malware is frequently contained inside an
executable within the attached ZIP archive file, and often disguised
as a PDF file or an office document, for example. "This new aggressive
approach to distributing generic polymorphic malware on such a scale
should be concerning for many businesses, particularly for those who
rely solely on more traditional security countermeasures, which this
type of malware is designed to evade. One example of this technique
involves changing the startup code in almost every version of the
malware; subtly changing the structure of the code and making it
harder for emulators built-in to many anti-virus products to identify
the code as malicious," added Wood.
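A structural check for the delivery pattern described above, as an added example that is not from the Symantec report: the byte content changes with every variant, but an executable inside a ZIP attachment carrying a document-like name does not. The extension lists, the reason labels and the constructed sample archive are assumptions; the report does not say how the disguise is implemented.

```python
import io
import zipfile
from pathlib import PurePosixPath

EXEC_EXT = {".exe", ".scr", ".pif", ".com"}                 # assumed list
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}  # assumed list

def scan_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each suspicious archive member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected; flag them for review.
                findings.append((info.filename, "encrypted-member"))
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            prev = suffixes[-2] if len(suffixes) > 1 else ""
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"   # DOS/PE header magic
            if last in EXEC_EXT and prev in DOC_EXT:
                findings.append((info.filename, "double-extension"))
            elif is_pe and last in DOC_EXT:
                findings.append((info.filename, "pe-content-with-document-extension"))
            elif is_pe or last in EXEC_EXT:
                findings.append((info.filename, "executable-in-archive"))
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample: inert stub bytes, no real malware."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_0711.pdf.exe", stub)   # document name, executable suffix
        zf.writestr("statement.doc", stub)          # executable bytes, document suffix
        zf.writestr("notes.txt", b"plain text")
        zf.writestr("scan.pdf", b"%PDF-1.4\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in scan_zip_attachment(build_sample_zip()):
        print(f"{reason}: {name}")
```
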

Further analysis also reveals that phishing attacks have been seeking
various means to exploit vulnerable cell phone users. According to
Wood, "Two key areas in which we can see this trend are, firstly, the
increase in phishing against wireless application protocol (WAP)
pages, which are lightweight Web pages designed for smaller mobile
devices such as cell phones; and secondly, the use of compromised
domain names that have been registered for mobile devices, for
example, using the .mobi top-level domain."

Symantec has identified phishing sites spoofing such Web pages and has
been monitoring the trend. In July, social networking and information
services brands were frequently observed in these phishing sites. The
primary motive of these attacks continues to be identity theft.
Targeting cell phone users is just part of a new strategy for
achieving the same result.

Other report highlights:

Spam: In July 2011, the global ratio of spam in email traffic rose to
77.8 percent (one in 1.29 emails); an increase of 4.9 percentage points
when compared with June 2011.

Phishing: In July, phishing email activity increased by 0.01
percentage points since June 2011; one in 319.3 emails (0.313 percent)
comprised some form of phishing attack.

E-mail-borne Threats: The global ratio of email-borne viruses in email
traffic was one in 280.9 emails (0.333 percent) in July, an increase
of 0.01 percentage points since June 2011.

Web-based Malware Threats: In July, Symantec Intelligence identified
an average of 6,797 Web sites each day harboring malware and other
potentially unwanted programs including spyware and adware; an
increase of 25.5 percent since June 2011.

Endpoint Threats:  The most frequently blocked malware for the last
month was W32.Ramnit!html. This is a generic detection for .HTML files
infected by W32.Ramnit[2], a worm that spreads through removable
drives and by infecting executable files. The worm spreads by
encrypting and then appending itself to files with .DLL, .EXE and .HTM
extensions. Variants of the Ramnit worm accounted for 17.3 percent of
all malicious software blocked by endpoint protection technology in
July.

Geographical Trends:

Spam

*       As the global spam level declined in July 2011, Saudi Arabia
remained the most spammed geography, with a spam rate of 85.6 percent.
Russia remained the second most-spammed.
*       In the US, 78.0 percent of email was spam and 77.7 percent in
Canada.
*       The spam level in the UK was 78.2 percent.
*       In The Netherlands, spam accounted for 78.8 percent of email
traffic, 77.9 percent in Germany, 77.6 percent in Denmark and 75.8
percent in Australia.
*       In Hong Kong, 76.8 percent of email was blocked as spam and 75.7
percent in Singapore, compared with 74.7 percent in Japan.
*       Spam accounted for 76.9 percent of email traffic in South Africa
and 78.7 percent in Brazil.

Phishing

*       Phishing attacks in the UK increased to overtake South Africa
and become the most targeted geography for phishing emails in July,
with one in 127.9 emails identified as phishing attacks. Phishing in
South Africa fell slightly to make it the second most targeted
country, with one in 163.1 emails identified as phishing attacks.
*       Phishing levels for the US were one in 1,237 and one in 192.6 for
Canada.
*       In Germany phishing levels were one in 798.3, one in 1,448 in
Denmark and one in 526.9 in The Netherlands.
*       In Australia, phishing activity accounted for one in 850.8 emails
and one in 2,503 in Hong Kong; for Japan it was one in 13,167 and one
in 872.9 for Singapore.
*       In Brazil, one in 382.4 emails were blocked as phishing attacks.

E-mail-borne threats

*       Email-borne malware attacks rose in South Africa as the country
became the geography with the highest ratio of malicious emails in
July, overtaking the UK as one in 125.2 emails was identified as
malicious in July; in the UK one in 127.0 emails was malicious.
*       In the US, virus levels for email-borne malware were one in 634.8
and one in 255.9 for Canada.
*       In Germany virus activity reached one in 482.1, one in 1,033 in
Denmark and in The Netherlands one in 451.3.
*       In Australia, one in 654.8 emails were malicious and one in 748.7
in Hong Kong; for Japan it was one in 2,093, compared with one in 761.8
in Singapore.
*       In Brazil, one in 332.1 emails contained malicious content.

Vertical Trends:

*       In July, the Automotive industry sector remained the most
spammed industry sector, with a spam rate of 80.7 percent.
*       Spam levels for the Education sector reached 80.3 percent and
77.9 percent for the Chemical & Pharmaceutical sector; 77.8 percent
for IT Services, 77.8 percent for Retail, 77.0 percent for Public
Sector and 77.0 percent for Finance.
*       The Public Sector remained the most targeted by phishing activity
in July, with one in 73.2 emails comprising a phishing attack.
*       Phishing levels for the Chemical & Pharmaceutical sector were
one in 799.0 and one in 566.2 for the IT Services sector; one in 482.3
for Retail, one in 87.8 for Education and one in 396.7 for Finance.
*       With one in 62.1 emails being blocked as malicious, the Public
Sector remained the most targeted industry in July.
*       Virus levels for the Chemical & Pharmaceutical sector were one in
438.9 and one in 390.0 for the IT Services sector; one in 418.3 for
Retail, one in 79.1 for Education and one in 443.5 for Finance.

The July 2011 Symantec Intelligence Report provides greater detail on
all of the trends and figures noted above, as well as more detailed
geographical and vertical trends. The full report is available here.

[1] Polymorphic malware may have many variations of the same code
using different encoding techniques, but the functionality of the
program remains the same in each version

Related

*         July 2011 Symantec Intelligence Report (PDF)
<http://bit.ly/n88coo>

*         SlideShare Presentation: July 2011 Symantec Intelligence
Report <http://slidesha.re/pitv8t>

*         Symantec.cloud Global Threats <http://bit.ly/pHrCF1>

*         Symantec.cloud Intelligence Reports <http://bit.ly/nYxPUj>

*         Symantec.cloud In the News <http://bit.ly/obdClc>

*         Symantec.cloud Podcasts <http://bit.ly/qweCip>

Connect with Symantec

*       Follow Symantec on Twitter <http://bit.ly/9UEQS5>

*         Follow Symantec.cloud on Twitter <http://bit.ly/ihKCnF>

*       Join Symantec on Facebook <http://on.fb.me/c38I19>
*       View Symantec's SlideShare Channel <http://slidesha.re/f8GVKn>
*       Subscribe to Symantec News RSS Feed <http://bit.ly/nMSAC6>
*       Visit Symantec Connect Business Community <http://bit.ly/oloAD0>


About Symantec Intelligence Report

The Symantec Intelligence report combines the best research and
analysis from the Symantec.cloud MessageLabs Intelligence Report and
the Symantec State of Spam & Phishing Report.  The new integrated
report, the Symantec Intelligence Report, provides the latest analysis
of cyber security threats, trends and insights from the Symantec
Intelligence team concerning malware, spam, and other potentially
harmful business risks.  The data used to compile the analysis for
this combined report includes data from June and July 2011.

About Symantec

Symantec's Canadian operations are headquartered in Toronto with
offices in Montreal, Ottawa, Calgary and Vancouver.  For more
information on Symantec products or current promotions, access
Symantec's Canadian Web site at www.symantec.ca. Symantec is an active
member of the Business Software Alliance (BSA).


Symantec is a global leader in providing security, storage and systems
management solutions to help consumers and organizations secure and
manage their information-driven world.  Our software and services
protect against more risks at more points, more completely and
efficiently, enabling confidence wherever information is used or
stored. More information is available at www.symantec.com
<http://www.symantec.com/>.

###


 
