Press Release
Home > Press Release > Marketwire
Symantec Announces MessageLabs Intelligence 2008 Annual Security Report
Storm's Demise Gives Way to New Trends in Spam and Malware; Botnets Extend Their Reach
Font Scale: 
CUPERTINO, CA -- (Marketwire) -- 12/04/08 -- Symantec Corp. (NASDAQ: SYMC) today announcedthe launch of its MessageLabs Intelligence 2008 Security Report. The annualreport details how 2008 was a pivotal year for the cyber security landscapeas revolutionary advances in malware and spam techniques made their mark onthe underground "shadow" economy.
Total spam levels peaked at 82.7 percent in February 2008 and averaged 81.2percent for the year, compared with 84.6 percent in 2007. As much as 90percent of spam was being distributed by botnets, including the notoriousStorm (Peacomm) botnet, which appeared on the threat landscape in early2007 and all but disappeared by the end of the year, giving way to rivalbotnets like Srizbi and Cutwail (Pandex), until community action inSeptember and November resulted in the takedown of two U.S. ISPs blamed forhosting the command and control channels for some of the largest botnets,including Mega-D (Ozdok) and Srizbi, which had been responsible for about50 percent of all spam. With the exception of Srizbi, the affected botnetshave since found alternative hosting, resulting in a return to spam levelsclose to those before the takedowns, with rival botnets such as Cutwail andRustocktaking-up the slack left by Srizbi's absence.
In 2008, spammers developed an affinity for spamming from large, reputableweb-based email and application services by defeating CAPTCHA (CompletelyAutomated Public Turing Test to tell Computers and Humans Apart) techniquesto generate massive numbers of personal accounts from these services. InJanuary, 6.5 percent of spam originated from these hosted webmail accounts,peaking in September when 25 percent of spam originated from these sources,averaging about 12 percent for the remainder of the year.
"2008 was an important year for the security industry as new threatsemerged and old threats evolved while the Internet gained sophisticationand its users became more web-savvy than ever before," said Mark Sunner,chief security analyst, MessageLabs. "CAPTCHA breaking became one of thebest ways to spam and a wide variety of spam ensued emanating from freeweb-mail and social networking sites, which require personal accounts foraccess."
Complex web-based malware targeting social networking sites andvulnerabilities in legitimate websites, became widespread in 2008,resulting in malware being installed onto computers with no userintervention required. The daily number of new websites containing malwarerose from 1,068 in January to its peak at 5,424 in November. The averagenumber of new websites blocked daily rose to 2,290 in 2008 from 1,253 in2007, largely due to increased attacks using SQL injection techniques.
As web-based attacks became more popular during 2008, email-based attacksrose by .15 percent compared with 2007. In 2008, 1 in 143.8 (0.70 percent)emails were malicious, compared with 1 in 117.7 (0.85 percent) for 2007. Inaddition, two distinct targeted attack patterns emerged during 2008.MessageLabs Intelligence noted the number of targeted Trojan attacksintercepted rose to 53 per day in 2008, peaking at 78 per day in April2008, compared with one to two per week in 2005, 1 to 2 per day in 2006 and10 per day in early 2007.
"Web 2.0 offers endless opportunities to scammers for distributing theirmalware -- from creating bogus social networking accounts to spoofed videos-- and in 2008 the threats targeting social networking environments becamevery real," Sunner said. "Web 2.0 thrives on user-generated content, as dothe spammers. The ability to adapt to new mediums and upload enticingcontent as 'snake oil' to persuade an information-hungry user to activateit, is one of the cybercriminals' strongest talents and has made themsuccessful in transforming deception into a fully scalable business modelwithin the underground shadow economy."
Emphasizing how threats of this kind have increased in popularity over thelast year, one targeted Trojan spoofed an organization involved with theOlympic Games in late July disguising malware hidden in a file attachment,using embedded JavaScript to drop a malicious executable program onto thetarget's computer. The malware was sent to several participating nations'sporting organizations and athletic representatives. Another targetedTrojan, distributed with the intent of corporate espionage, spoofed awell-known business organization purporting to relate to a complaint filedagainst the recipient, and involved approximately 900 targeted Trojansintended for senior executives worldwide.
Towards the end of 2008, the credit crisis generated many new financerelated attacks as spammers and scammers sought to take advantage of thepanic and uncertainty surrounding the changes on Wall Street and around theworld.
Rogue Bots and Social Networking
During 2008, botnets were responsible for 90 percent of all spam, andresponsible for a rise in the proportion of email-borne malware containedin links to malicious websites. This proportion peaked at 61.1 percent inFebruary, when an increase of malicious activity from Storm was responsiblefor 96 percent of these interceptions. Before its demise, one of Storm'slast activities involved a new bout of malware that appeared in July 2008using headlines involving celebrities meeting their death and containedlinks to sites that when activated resulted in the installation ofAntivirus XP 2008, a rogue anti-spyware program which could be installedwithout the user's involvement. The program runs a fake scan on thecomputer offering to remove the number of infections found for a fee.Following Storm's demise, links to this rogue application were spammed outby other botnets, including Srizbi, Rustock and Mega-D. One third ofmalicious links intercepted in July were related to "Antivirus XP 2008" andby August, 64 percent of malicious emails, mostly spoofing fake greetingcards, contained links to Trojan droppers designed to install the rogueanti-spyware program.
Another cybercriminal favorite of 2008 involved the distribution of malwareon social networking sites, first seen in small amounts toward the end of2007. One tactic that became popular this year was to create fake profileson social networking sites using them to post malicious links and to phishother users. Once a user is phished, spammers can post blog comments on thepages of their friends and send messages from the phished accounts to othercontacts. The messages were mostly used to dispense spam, including linksto spam sites such as online pharmacies. After gaining access to legitimateuser profiles, scammers then harvest the available personal information tofurther target users, wreaking havoc.
Finally, phishing underwent some notable transformations in 2008 asphishing attacks from specialized botnets became commonplace. While theintensity of phishing attacks hasn't changed significantly over the courseof the year, the targets have widened to include recruitment agencies andonline retailers in addition to the financial institutions of before. Thenumber of specialized banking Trojans is expected to rise further in 2009.
Top Trends in 2008
Web Security: For 2008, the average number of new malicious websitesblocked each day rose to 2,290 compared with 1,253 for 2007, an increase of82.8 percent owing mostly to an increase in SQL injection attacks.
Spam: In 2008 the annual average spam rate was 81.2 percent, a decline of3.4 percent on the 2007 statistic of 84.6 percent. In 2008, the majority ofspam was made up of text-only or HTML content and an increasing proportionof spam originated from reputable web-based email and application serviceproviders.
Viruses: The average virus level for 2008 was 1 in 143.8 emails (.70percent) reflecting a .15 percent decrease on 2007 where levels averaged at1 in 117.7 (.85 percent) emails. The decline can be attributed to thetransition to spreading malware using malicious content hosted on websitesand drive-by installs rather than favoring email as the primary means ofdistribution.
Phishing: The number of phishing attacks was 1 in 244.9 (.41 percent)emails across 2008, compared to 1 in 156 emails in 2007. Phishing activitypeaked in February at 1 in 99.1, due partly to the increase inplug-and-play style phishing kits and the increased use of specializedbotnets for phishing activity.
The annual MessageLabs Intelligence Report provides greater detail on allthe trends and figures noted above, as well as more detailed trends for2008. The full report is available athttp://www.messagelabs.com/Threat_Watch/Intelligence_Reports.
About Symantec
Symantec is a global leader in providing security, storage and systemsmanagement solutions to help consumers and organizations secure and managetheir information-driven world. Our software and services protect againstmore risks at more points, more completely and efficiently, enablingconfidence wherever information is used or stored. More information isavailable at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on SymantecCorporation and its products, please visit the Symantec News Room athttp://www.symantec.com/news. All prices noted are in U.S. dollars and arevalid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks ofSymantec Corporation or its affiliates in the U.S. and othercountries. Other names may be trademarks of their respective owners.
CONTACT:US:Marissa VicarioSymantec Corp.+1 646 519 8116Email ContactEMEA:Paul WoodSymantec+44 (0) 1452 627705Email ContactAPAC:Andrew AntalSymantec+61 2 8208 7171Email Contact
In 2008, spammers developed an affinity for spamming from large, reputableweb-based email and application services by defeating CAPTCHA (CompletelyAutomated Public Turing Test to tell Computers and Humans Apart) techniquesto generate massive numbers of personal accounts from these services. InJanuary, 6.5 percent of spam originated from these hosted webmail accounts,peaking in September when 25 percent of spam originated from these sources,averaging about 12 percent for the remainder of the year.
"2008 was an important year for the security industry as new threatsemerged and old threats evolved while the Internet gained sophisticationand its users became more web-savvy than ever before," said Mark Sunner,chief security analyst, MessageLabs. "CAPTCHA breaking became one of thebest ways to spam and a wide variety of spam ensued emanating from freeweb-mail and social networking sites, which require personal accounts foraccess."
Complex web-based malware targeting social networking sites andvulnerabilities in legitimate websites, became widespread in 2008,resulting in malware being installed onto computers with no userintervention required. The daily number of new websites containing malwarerose from 1,068 in January to its peak at 5,424 in November. The averagenumber of new websites blocked daily rose to 2,290 in 2008 from 1,253 in2007, largely due to increased attacks using SQL injection techniques.
As web-based attacks became more popular during 2008, email-based attacksrose by .15 percent compared with 2007. In 2008, 1 in 143.8 (0.70 percent)emails were malicious, compared with 1 in 117.7 (0.85 percent) for 2007. Inaddition, two distinct targeted attack patterns emerged during 2008.MessageLabs Intelligence noted the number of targeted Trojan attacksintercepted rose to 53 per day in 2008, peaking at 78 per day in April2008, compared with one to two per week in 2005, 1 to 2 per day in 2006 and10 per day in early 2007.
"Web 2.0 offers endless opportunities to scammers for distributing theirmalware -- from creating bogus social networking accounts to spoofed videos-- and in 2008 the threats targeting social networking environments becamevery real," Sunner said. "Web 2.0 thrives on user-generated content, as dothe spammers. The ability to adapt to new mediums and upload enticingcontent as 'snake oil' to persuade an information-hungry user to activateit, is one of the cybercriminals' strongest talents and has made themsuccessful in transforming deception into a fully scalable business modelwithin the underground shadow economy."
Emphasizing how threats of this kind have increased in popularity over thelast year, one targeted Trojan spoofed an organization involved with theOlympic Games in late July disguising malware hidden in a file attachment,using embedded JavaScript to drop a malicious executable program onto thetarget's computer. The malware was sent to several participating nations'sporting organizations and athletic representatives. Another targetedTrojan, distributed with the intent of corporate espionage, spoofed awell-known business organization purporting to relate to a complaint filedagainst the recipient, and involved approximately 900 targeted Trojansintended for senior executives worldwide.
Towards the end of 2008, the credit crisis generated many new financerelated attacks as spammers and scammers sought to take advantage of thepanic and uncertainty surrounding the changes on Wall Street and around theworld.
Rogue Bots and Social Networking
During 2008, botnets were responsible for 90 percent of all spam, andresponsible for a rise in the proportion of email-borne malware containedin links to malicious websites. This proportion peaked at 61.1 percent inFebruary, when an increase of malicious activity from Storm was responsiblefor 96 percent of these interceptions. Before its demise, one of Storm'slast activities involved a new bout of malware that appeared in July 2008using headlines involving celebrities meeting their death and containedlinks to sites that when activated resulted in the installation ofAntivirus XP 2008, a rogue anti-spyware program which could be installedwithout the user's involvement. The program runs a fake scan on thecomputer offering to remove the number of infections found for a fee.Following Storm's demise, links to this rogue application were spammed outby other botnets, including Srizbi, Rustock and Mega-D. One third ofmalicious links intercepted in July were related to "Antivirus XP 2008" andby August, 64 percent of malicious emails, mostly spoofing fake greetingcards, contained links to Trojan droppers designed to install the rogueanti-spyware program.
Another cybercriminal favorite of 2008 involved the distribution of malwareon social networking sites, first seen in small amounts toward the end of2007. One tactic that became popular this year was to create fake profileson social networking sites using them to post malicious links and to phishother users. Once a user is phished, spammers can post blog comments on thepages of their friends and send messages from the phished accounts to othercontacts. The messages were mostly used to dispense spam, including linksto spam sites such as online pharmacies. After gaining access to legitimateuser profiles, scammers then harvest the available personal information tofurther target users, wreaking havoc.
Finally, phishing underwent some notable transformations in 2008 asphishing attacks from specialized botnets became commonplace. While theintensity of phishing attacks hasn't changed significantly over the courseof the year, the targets have widened to include recruitment agencies andonline retailers in addition to the financial institutions of before. Thenumber of specialized banking Trojans is expected to rise further in 2009.
Top Trends in 2008
Web Security: For 2008, the average number of new malicious websitesblocked each day rose to 2,290 compared with 1,253 for 2007, an increase of82.8 percent owing mostly to an increase in SQL injection attacks.
Spam: In 2008 the annual average spam rate was 81.2 percent, a decline of3.4 percent on the 2007 statistic of 84.6 percent. In 2008, the majority ofspam was made up of text-only or HTML content and an increasing proportionof spam originated from reputable web-based email and application serviceproviders.
Viruses: The average virus level for 2008 was 1 in 143.8 emails (.70percent) reflecting a .15 percent decrease on 2007 where levels averaged at1 in 117.7 (.85 percent) emails. The decline can be attributed to thetransition to spreading malware using malicious content hosted on websitesand drive-by installs rather than favoring email as the primary means ofdistribution.
Phishing: The number of phishing attacks was 1 in 244.9 (.41 percent)emails across 2008, compared to 1 in 156 emails in 2007. Phishing activitypeaked in February at 1 in 99.1, due partly to the increase inplug-and-play style phishing kits and the increased use of specializedbotnets for phishing activity.
The annual MessageLabs Intelligence Report provides greater detail on allthe trends and figures noted above, as well as more detailed trends for2008. The full report is available athttp://www.messagelabs.com/Threat_Watch/Intelligence_Reports.
About Symantec
Symantec is a global leader in providing security, storage and systemsmanagement solutions to help consumers and organizations secure and managetheir information-driven world. Our software and services protect againstmore risks at more points, more completely and efficiently, enablingconfidence wherever information is used or stored. More information isavailable at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on SymantecCorporation and its products, please visit the Symantec News Room athttp://www.symantec.com/news. All prices noted are in U.S. dollars and arevalid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks ofSymantec Corporation or its affiliates in the U.S. and othercountries. Other names may be trademarks of their respective owners.
CONTACT:US:Marissa VicarioSymantec Corp.+1 646 519 8116Email ContactEMEA:Paul WoodSymantec+44 (0) 1452 627705Email ContactAPAC:Andrew AntalSymantec+61 2 8208 7171Email Contact
For more information, go to www.marketwire.com
- Sponsored By
-
Recent Press Release
Advertisement
POS Magnetic Card Readers
Online distributor for point of sale equipment, TYSSO and Pegasus.
