
Malicious Web Activity Declined In April, Says Symantec

Spam volumes and the number of malicious Websites fell in April, according to the latest MessageLabs monthly report from Symantec.cloud.

Spam dropped 6.4 percent in April, making up 72.9 percent of all email traffic, and the number of Websites blocked for carrying malware fell by nearly 20 percent, Symantec.cloud researchers wrote in the April MessageLabs Intelligence report. The spam decline may be the direct result of the shutdown of the Rustock botnet in mid-March, but spam remained a problem.

Overall Drop In Malicious Activity

Overall malicious Web activity also declined. An average of 2,431 Websites were found harbouring malware, spyware and adware, 18.2 percent fewer than in March, the report found. A third of the malicious sites and 22.5 percent of all Web-based malware blocked were new in April, both lower than the March numbers.

Virus and phishing levels remained virtually unchanged in April. The most frequently blocked malware was the W32.Sality.AE virus, which spreads by infecting executable files. However, there was an increase in Bredolab, Sasfis, Zeus and Spyeye related malware, which accounted for 55.1 percent of all malware. These Trojans tend to spread as ZIP file attachments rather than hyperlinks.

Only 13.2 percent of email-borne malware contained links to a malicious Website in April, a drop of 50.3 percent since March. The decline occurred because the increased volume of malicious attachments “pushed down the relative proportion of attacks using hyperlinks”, the researchers wrote.

MessageLabs Intelligence identified 11 automated bots operating on a “popular micro-blogging service”, posting messages that used shortened URLs pointing to rogue Web sites. The bots randomly inserted Twitter handles into the spam messages to encourage users to click to find out why they were mentioned. The bots were also checking the trending topics and inserting those terms in their automated messages, according to the report.

Clicking on the links generally redirected users to a Website filled with advertisement links, which generated pay-per-clicks for the site owner.

After the shortened URL in a message had been active for an hour, the bots would update the message to use a different link pointing to the same malicious portal, making the campaign harder to detect or block. Even if services like bit.ly try to shut down the link, the bots have already moved on.

Spear Phishing Increasing

The April report also examined some targeted attacks that occurred in March. The number of targeted attacks rose to 85 per day in March, a 10.5 percent increase over a six-month period, the report found.

“The trend in targeted attacks suggests there may be a seasonal pattern as the number of targeted attacks always seems to be higher at this time of year,” said Paul Wood, MessageLabs Intelligence Senior Analyst at Symantec.cloud.

Attackers may be moving away from wide-scale spam campaigns and focusing on targeted attacks on individuals and organisations. The number of targeted attacks per day in March 2011 was at the second-highest rate recorded by Symantec.cloud since the run-up to London’s G20 summit in March 2009, according to the report.

While the number of targeted attacks has increased, the overall number of attacks has not increased significantly, according to the report.

The report highlighted the recently discovered Adobe zero-day vulnerability (CVE-2011-0609), which could be exploited by a malicious Flash file embedded inside an Excel document. Adobe has patched the vulnerability. MessageLabs Intelligence researchers analysed one variant of the exploit and found that it downloaded a Poison Ivy backdoor Trojan, whose command-and-control server had a German IP address.

“Although sophisticated zero-day exploits are common, old-fashioned techniques are often used as well, and may be equally successful with the right level of social engineering, such as the use of ‘spear-phishing’,” the researchers wrote.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.
