SA a phishing paradise

Symantec’s May 2011 MessageLabs intelligence report has revealed that South African financial institutions were the main target of phishing e-mails during that period.

Symantec has announced the publication of its May 2011 MessageLabs Intelligence Report. This month’s analysis reveals that South Africa’s financial institutions were the main target of phishing e-mails during the month. The Report shows that South Africa was the most targeted geography in the world for phishing e-mails in May, with one in 80.2 e-mails identified as phishing attacks. Added to this, spam accounted for 75.9 percent of email traffic. One in 178.7 emails contained malicious code.

‚It’s no surprise that South Africa is featuring on the global radar for malicious activity,‚ said Jayson O’Reilly, security specialist at Symantec. ‚Our research shows that countries that introduce new communications capacity immediately experience an upsurge as attackers try to take advantage of an online society which may not have the experience to avoid being hit by scams such as phishing and spam attacks. In some cases it takes time for service providers to implement the necessary security measures on their networks to protect subscribers.‚

The May issue also reveals that, for the first time ever and as predicted by MessageLabs Intelligence in its Annual Security Predictions for 2011, spammers are establishing their own their own fake URL-shortening services to perform URL redirection. This new spamming activity has contributed to this month’s increase in spam by 2.9 percentage points, a rise that was also expected following the Rustock botnet takedown in March.

Under this scheme, shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. These shortened URLs lead to a shortened-URL on the spammer’s fake URL-shortening Web site, which in turn redirects to the spammer’s own Web site.

‚MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques so it was only a matter of time before a new technique appeared,‚ said Paul Wood, MessageLabs Intelligence Senior Analyst. ‚What is unique about the new URL-shortening sites is that the spammers are treating them as ‚stepping stones’ ‚ a link between public URL-shortening services and the spammers’ own sites.‚

To make things more interesting, these new domains were registered several months before they were used, potentially as a means to evade detection by legitimate URL-shortening services since the age of the domain may be used as an indicator of legitimacy making it more difficult for the genuine shortening services to identify potential abuse.

‚With legitimate URL-shortening services attempting to tackle abuse more seriously, spammers seem to be experimenting with ways to establish their own services to better avoid disruption,‚ Wood said. ‚However, as long as new URL-shortening services are being created, we expect spammers to continue abusing them.‚

Other report highlights:

Spam: In May 2011, the global ratio of spam in email traffic from new and previously unknown bad sources increased by 2.9 percentage points since April 2011 to 75.8% (1 in 1.32 emails).

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 222.3 emails (0.450 percent) in May, a decrease of 0.143 percentage points since April.

Endpoint Threats: The most frequently blocked malware targeting endpoint devices for the last month was the W32.Ramnit!html, a worm that spreads through removable drives and by infecting executable files.

Phishing: In May, phishing activity was 1 in 286.7 emails (0.349 percent), a decrease of 0.06 percentage points since April.

Web security: Analysis of Web security activity shows that approximately 3,142 Web sites each day were harboring malware and other potentially unwanted programs including spyware and adware, an increase of 30.4 percent since April 2011. 36.8 percent of malicious domains blocked were new in May, an increase of 3.8 percentage points since April. Additionally, 24.6 percent of all web-based malware blocked was new in May, an increase of 2.1 percentage points since last month.

Geographical Trends:

· Russia became the most spammed in May with a spam rate of 82.2 percent.

· In the US 76.4 percent of email was spam and 75.3 percent in Canada and 75.4 percent in the UK.

· In The Netherlands, spam accounted for 77.5 percent of email traffic, in Germany 75.5 percent, 75.1 percent in Denmark and 73.9 percent in Australia.

· Spam levels in Hong Kong reached 75.2 percent and 74.0 percent in Singapore. Spam levels in Japan were 72.3 percent.

· The UK had the highest ratio of malicious emails in May, as one in 91.7 emails was blocked as malicious in May.

· In the US virus levels were 1 in 540.3 and 1 in 334.5 for Canada. In Germany, virus levels reached 1 in 435.9, 1 in 1,197 in Denmark and 1 in 330.1 for The Netherlands.

· In Australia, 1 in 513.5 emails were malicious and, 1 in 377.2 for Hong Kong, for Japan it was 1 in 1,164 compared with 1 in 706.7 for Singapore.

· and in Brazil it was 1 in 378.3.

Vertical Trends:

· In May, the most spammed industry sector with a spam rate of 80.2 percent was the Wholesale sector.

· Spam levels for the Education sector were 77.4 percent, 76.0 percent for the Chemical & Pharmaceutical sector, 75.4 percent for IT Services, 75.4 percent for Retail, 74.5 percent for Public Sector and 74.7 percent for Finance.

· In May, the Public Sector remained the most targeted industry for malware with 1 in 28.9 emails being blocked as malicious.

· Virus levels for the Chemical & Pharmaceutical sector were 1 in 305.9, 1 in 367.9 for the IT Services sector, 1 in 377.7 for Retail, 1 in 108.8 for Education and 1 in 313.5 for Finance.