Internet Threats Trend Report
July 2012
The following is a condensed version of the July 2012 Commtouch Internet Threats Trend Report.
You can download the complete report at http://www.commtouch.com/threat-report-july-2012
Copyright © 2012 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
Key Security Highlights
Trends in Q2 2012…
Malware Trends
Q2 Malware Trends
Blended attacks mix brands and malware
The attacks all included similar characteristics:
• Well-crafted emails matching those of known companies which were sent out in large volumes.
• The emails included links to multiple compromised websites which then redirected to the malware hosting websites.
• The compromised websites were often based on the WordPress content management system.
• The malware itself was mostly hosted on various .ru domains.
• The malware pages showed simple messages such as “Please Wait – Loading” (black text on white).
• The same Flash and Adobe Reader exploits were used in most of the malware
Movie ticket hoax hides malware on Dropbox
• Email offers free movie tickets
• Clicking on the links leads to several redirects and scripts
• Download of file “entrada_cine.zip” from the following link:
  • https://dl.dropbox.com/u/689--025/bts/entrada_cine.zip
Email-attached malware
• Increase over Q1 levels
• Sample attacks:
  • DHL tracking
  • “why did you put this photo online”
Top 10 Malware of Q2 2012
Rank  Malware name
1     W32/RLPacked.A.gen!Eldorado
2     W32/InstallCore.A2.gen!Eldorado
3     W32/Sality.C.gen!Eldorado
4     W32/HotBar.L.gen!Eldorado
5     W32/Heuristic-210!Eldorado
6     W32/Sality.gen2
7     W32/RAHack.A.gen!Eldorado
8     W32/OnlineGames.FL.gen!Eldorado
9     W32/Vobfus.AD.gen!Eldorado
10    JS/Pdfka.EV.gen
Source: Commtouch
For a complete analysis of Malware in Q2 and the specific attacks employed, download the complete July 2012 Internet Threats Trend Report:
http://www.commtouch.com/threat-report-july-2012
Trends in Q2 2012…
Web Security
Malware and spam campaigns used compromised sites extensively
Q2 Compromised Websites
• Sample LinkedIn email leads to simple notice while malware is downloaded
• Legitimate site continues to function normally
Source: Commtouch
Website categories infected with malware
• Pornographic sites disappeared from the top 10 as many legitimate sites from different categories found themselves hacked and hosting malware
Rank  Category
1     Education
2     Travel
3     Business
4     Entertainment
5     Restaurants and dining
6     Sports
7     Leisure & Recreation
8     Health & Medicine
9     Fashion and beauty
10    Streaming media and downloads
Source: Commtouch
Phishing campaigns also using compromised sites
• Sample – Yahoo phishing uses compromised photography site from Romania
• Legitimate site continues to function normally
Source: Commtouch
• During the second quarter of 2012, Commtouch analyzed which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner).
• Portals (offering free website hosting) remained at the highest position.
Website categories infected with phishing
Rank  Category
1     Portals
2     Fashion & Beauty
3     Sports
4     Shopping
5     Education
6     Business
7     Arts
8     Streaming media and downloads
9     Computers and technology
10    Travel
Source: Commtouch
Q2 Web Security
Download the complete July 2012 Internet Threats Trend Report for more details
http://www.commtouch.com/threat-report-july-2012
Trends in Q2 2012…
Spam Trends
Q2 Spam Trends
Source: Commtouch
Spammers invent “Facebook Social”
Links lead via compromised sites to pharmacy sites
Source: Commtouch
Phony MySpace, Facebook emails
Links lead to the “wikipharmacy”
• Marginal decrease compared to previous quarter
• Average daily spam levels dropped to 91 billion spam and phishing emails/day
Source: Commtouch
Spam levels – Jan to June 2012
Spam Levels
• Spam averaged 76% of all emails in Q2
Source: Commtouch
Spam % of all emails – Jan to June 2012
Spam %
Subjects include:
• Pharmaceuticals (pills, pfizer)
• Replicas (Breitling, replica)
• Enhancers
Source: Commtouch
Spam cloud for Q2 2012
• Pharmacy spam continued to increase, as it did last quarter, to nearly 41% of all spam (~3% more than the previous quarter)
• Enhancer and diet-themed spam increased while replica spam dropped almost 8%
Source: Commtouch
Spam Topics in Q2
Top Faked (Spoofed) Spam Sending Domains*
* Domains used by spammers in the “from” field of the spam emails.
Source: Commtouch
Find out more about Spam Trends in Q2 by downloading the complete July Internet Threats Trend Report
http://www.commtouch.com/threat-report-july-2012
Trends in Q2 2012…
Zombie Trends
Q2 Zombie Trends
• Average turnover: 303,000 newly activated each day sending spam (increase from 270,000 in Q1 2012)
Daily Turnover of Zombies in Q2
Source: Commtouch
Daily newly activated spam zombies: Jan to June 2012
Worldwide Zombie Distribution in Q2
• India again claimed top zombie producer title, moving above 20%
• Poland, Italy, and Indonesia dropped out of the top 15, replaced by Saudi Arabia, Romania, and more surprisingly, Germany – which has stayed well out of the top 15 for over one and a half years.
Source: Commtouch
Download the complete July 2012 Internet Threats Trend Report for more details
http://www.commtouch.com/threat-report-july-2012
For more information contact: [email protected]
650 864 2000 (Americas)
+972 9 863 6895 (International)
Web: www.commtouch.com
Blog: http://blog.commtouch.com