SOURCE: MessageLabs, Inc.

May 01, 2008 06:00 ET

MessageLabs Intelligence April 2008: Web-Based Malware Escalates While Storm Calms Down

Targeted Trojans Reach New Daily Levels While Yahoo! Email Targeted by Spammers

NEW YORK, NY and LONDON--(Marketwire - May 1, 2008) - MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for April 2008. Analysis shows that during April, the Storm botnet has dramatically decreased to just five percent of its original size, while web-based malware has increased by 23.3 percent.

The introduction of new malicious software removal tools, which are aimed at targeting and removing Storm infections, are deemed responsible for the sudden reduction in Storm-infected machines, now estimated at approximately 100,000 compromised computers. Previously estimated at two million, the decline in Storm's botnet size is evident by the 57 percent decrease in malware-laden emails distributed by the Storm botnet during April.

While the Storm botnet decreased in size, analysis of web-based malware identified that 36.1 percent of interceptions in April were new, an increase of 23.3 percent since March. MessageLabs also identified an average of 1,214 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 619 per day compared with the previous month.

"April was a month of unpredictability with the mighty Storm botnet losing all but five percent of its anonymous army and web-based malware reaching new levels," said Mark Sunner, Chief Security Analyst, MessageLabs. "This month we find ourselves fighting the cybercrime battle on many fronts, with the bad guys using an arsenal of weapons in order to detonate spam, viruses, phishing attacks and targeted Trojans, making it more important than ever to have a strong security shield in place."

On the cusp of the 30th anniversary of the first spam message, MessageLabs identified a new spamming technique being used to send authenticated spam email via Yahoo!'s SMTP servers. This spam attack accounts for one percent of all spam intercepted in April and has been used to advertise services for Canadian Pharmacy, a well-known spam operation. By using the SMTP server and a DomainKeys Identified Mail (DKIM) authentication technique, the spammers can ensure that the email generated is harder to block based on traditional anti-spam methods.

In addition, MessageLabs Intelligence reported targeted attacks reaching new heights this month, with MessageLabs intercepting approximately 70 targeted Trojans per day, an increase of 250 percent on the December 2007 levels of 28 per day. Leveraging interest in the Beijing 2008 Olympics Games, MessageLabs has intercepted 13 separate Olympic themed attacks over the past six months which use legitimate-sounding email subject titles, such as "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents". Some attacks purported to be from the International Olympic Committee, based in Lausanne Switzerland, however in reality all of the attacks but one were sent from an IP address within Asia Pacific.

Finally, MessageLabs has uncovered a new way that scammers are abusing professional social networking sites like Linked-In. For the first time, they are taking advantage of these sites to lend legitimacy to Nigerian 419 advance fee fraud scams by creating profiles with false credentials that pertain to the business involved in the scam.

Other report highlights:

Web Security: Analysis of Web security activity shows 36.1 percent of all web-based malware intercepted was new in April, as increase of 23.3 percent since March.

Spam: In April 2008, the global ratio of spam in email traffic from new and previously unknown bad sources, was 73.5 percent (1 in 1.36 emails), a decrease of 0.3 percent on the previous month.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources, was 1 in 218.9 emails (0.46 percent) in April, a decrease of 0.13 percent since the previous month.

Phishing: April saw an increase of 0.05 percent in the proportion of phishing attacks compared with the previous month. One in 206.1 (0.49 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails rose by 13.1 percent to 87.1 percent of all email-borne malware threats intercepted in April.

Geographical Trends:

--  In April, Hong Kong reclaimed the top-spot from Switzerland as the
    most spammed country with spam levels reaching 83.7 percent of all email.
    The largest increase in spam levels was in Canada, with an increase of 5.85
    percent.
--  Spam levels in the US reached 70.1 percent in April, 75 percent in
    Canada and 66.2 percent in the UK.  Germany's spam rate reached 70.6
    percent and the Netherlands remained at 68.6 percent. Spam levels in
    Australia were 62.2 percent, 69.8 percent in China and 66.2 percent in
    Japan.
--  Virus activity fell across almost all regions in April, with the
    largest decrease in India at 0.69 percent, which takes it out of the top
    five targeted countries. Despite a decrease of 0.62 percent, Switzerland
    remains the most targeted country for viruses with levels of 1 in 119.8
    emails.
--  Virus levels for the US were 1 in 365.1 and 1 in 146.7 for Canada. In
    the UK, virus levels were 1 in 147.9 and 1 in 348.3 for Germany.  In
    Australia, virus levels were 1 in 317.4 and 1 in 782 for Japan.
    

Vertical Trends:

--  Spam levels fluctuated across several industry sectors in April, with
    Manufacturing remaining the top vertical for spam activity at 82 percent.
    The greatest rise was noted in the Accomodation and Catering sector, where
    spam levels rose by 5.06 percent to 79.5 percent.
--  Spam levels for the Retail sector were 75 percent,  70.8 percent for
    Public Sector and 68 percent for Finance.
--  Virus levels fell across many industry verticals during April. Despite
    a drop of 0.07 percent, Accomodation and Catering claimed the most virus
    activity with 1 in 62.4 emails infected.
--  Virus levels for the the Finance sector were 1 in 326.8, 1 in 273.5
    for IT Services and 295.7 for Retail.
    

The April 2008 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx.

MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About MessageLabs

MessageLabs is a leading provider of integrated messaging and web security services, with over 17,000 clients ranging from small business to the Fortune 500 located in more than 86 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.

These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit www.messagelabs.com