Hackers still out phishing

Symantec has announced the results of the September 2011 Symantec Intelligence Report, which saw phishing attacks in South Africa increase once again.

Symantec has announced the results of the September 2011 Symantec Intelligence Report, which saw phishing attacks in South Africa increase once again. The country is now positioned as the most targeted geography for phishing, with one in 133.1 emails.

This month’s analysis also reveals that a deluge of malicious email-borne malware has left a clear mark on the threat landscape for September. Approximately 72% of all email-borne malware in September could be characterised as aggressive strains of generic polymorphic malware, first identified in the July Symantec Intelligence Report. At the end of July, this rate was 23.7%, in August it fell slightly to 18.5% before soaring to 72% in September.

‚This unprecedented high-water mark underlines the nature by which cyber criminals have escalated their assault on businesses in 2011, fully exploiting the weaknesses of more traditional security countermeasures,‚ said Paul Wood, Senior Intelligence Analyst, Symantec.cloud.

Further analysis reveals that the social engineering behind many of these attacks has accelerated with the adoption of a variety of new techniques, such as pretending to be an email from a smart printer/scanner being forwarded by a colleague in the same organisation has been detected.

‚The idea of an office printer sending malware is an unlikely one, as printers and scanners were not actually used in these attacks, but perhaps this sense of security is all that is required for such a socially engineered attack to succeed in the future,‚ Wood said.

Although spam levels remained fairly stable during September, Symantec Intelligence observed the use of identified vulnerabilities in certain older versions of the popular WordPress blogging software on a large number of web sites across the internet. Spam emails containing links to these compromised web sites are being spammed out. It is however important to note that blogs hosted by WordPress itself seem to be unaffected.

Additional research reveals that JavaScript is becoming increasing popular as the programming language used by spammers and malware authors. Spammers use it to conceal where they are redirecting pages, and in some cases, to conceal entire web pages.

‚For spammers, hosting simple JavaScript obfuscation pages on free hosting sites can increase the lifetime of that site before the site operator realises the page is being used for malicious activity,‚ Wood said. ‚JavaScript is popularly used for redirecting visitors of a compromised web site to the spammer’s landing page. While some of these techniques have been common in malware distribution for some time, spammers are increasingly using them.‚

September 2011 highlights:

Spam: The global ratio of spam in email traffic came down to 74.8 percent (1 in 1.34 emails), a decrease of 1.1 percent compared to August 2011.

74.3 percent of email traffic in South Africa was spam.

Phishing: Phishing email activity dropped by 0.26 percent since August 2011. One in 447.9 emails (0.223 percent) comprised some form of phishing attack.

In South Africa, phishing attacks increased once again, positioning the country as the most targeted geographic region for phishing attacks: one in 133.1 emails.

E-mail-borne threats: The global ratio of email-borne viruses in email traffic was one in 188.7 emails (0.53 percent), an increase of 0.04 percent since August 2011.

Web-based malware threats: Symantec Intelligence identified an average of 3,474 web sites each day harboring malware and other potentially unwanted programs including spyware and adware: an increase of 1.0 percent since August 2011.

Endpoint threats: The most frequently blocked malware for the last month was W32.Sality.AE, a virus that spreads by infecting executable files and attempts to download potentially malicious files from the internet.

Geographical trends:

Spam

Phishing

E-mail-borne threats

Vertical Trends:

The September 2011 Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.

*