Deadly Duo: May 2005
Spammers use celebrities to grab the spotlight -- and to infect PCs.
Spammers use celebrities to grab the spotlight -- and to infect PCs.
PandaLabs reports on a new type of spam-distributed malware (<ahref=”HTTP: m TERM www.webopedia.com malware.html?>define) that crested in May. Messages subject headings contain a celebrity name. Britney Spears appears most often, followed by Bill Gates and Jennifer Lopez. The most recent spam in this category has gone out under a Michael Jackson heading.
The threat is particularly dangerous; the email contains a link or attached file and which can exploit browser vulnerability or insert HTML application Inor.AK. This provides further access to the user’s computer for the program to install Downloader.DBR, which can then download the Dedler worm.
May introduced other new trends in spam and virus activity. A report issued from Commtouch tracked the volume of spam from individual countries and found 25.8 percent comes from Japan and Korea. The European Union sends out 24.71 percent, while the U.S. sends just 18.48 percent.
The report finds pharmaceuticals are the most predominant product in email sent by spammers, with 38.6 percent of spam in the category. Finance ranks second at 14.8 percent, and scams and frauds including stock-alerts, phishing and “Nigerian-sting” variations grab a 11.5 percent spam share.
Origin of Spam | ||
---|---|---|
Regional Breakdown (%) | ||
Japan-Korea | 25.78 | |
Europe | 24.71 | |
North America | 18.48 | |
Greater China (China, HK, Taiwan) | 16.32 | |
Asia Pacific | 4.73 | |
South America | 9.38 | |
National Breakdown (%) | ||
South Korea | 23.30 | |
United States | 15.57 | |
China | 13.76 | |
France | 5.52 | |
Brazil | 4.61 | |
Spain | 3.17 | |
Canada | 2.91 | |
United Kingdom | 2.51 | |
Japan | 2.48 | |
Germany | 2.28 | |
Source: Commtouch, 2005 |
Phishing define) now targets smaller financial institutions; the trend caused enough of a ripple in the spam pond to coin a new term. Websense calls the phenomenon “puddle phishing.” The company has seen over 30 instances of phishing targeting small credit unions since the beginning of the year. Websense said the increase in attacks on smaller institutions could indicate the scam is highly profitable.
Websense also surveyed IT decision-makers and reports 45 percent say employees have clicked on URLs embedded in phishing scams. Half dono believe employees can accurately identify phishing sites. A further 32 percent said phishing attacks caused security problems for their organizations in the past year.
Phishing was also shown to cause a lack of confidence in email communications with financial institutions in a study co-sponsored by The Radicati Group and Mirapoint, entitled “End-User Study on E-Mail Hygene.” The report says one-third of users were discouraged from communicating with banks and other financial institutions via email due to increased phishing attacks.
Number Who Avoid E-Mail Communication With Financial Institutions Due to Security Fears | |
---|---|
Corporate users | 31% |
Consumer users | 35% |
Overall | 33% |
Source: The Radicati Group Inc. and Mirapoint Inc., 2005 |
“[Phishing” continues to stay bad. Spam volumes remain quite high,” said Scott Petry, founder and SVP of Postini. “We continue to see it as a dynamic and fluid environment, and it changes on an hour-by-hour basis.”
Click to view full-size chart |
The Mirapoint and Radicati study looks at the amount of spam corporate and consumer users receive. It says 36 percent of corporate users and 64 percent of consumers unsubscribe to spam by following the instructions in the message. Users who unsubscribe to spam or click on links in the emails report an increase in the volume of spam they receive.
The Zombie report, released by Prolexic, identifies AOL as the most infected network. The top four compromised networks also included Comcast, Bellsouth and Verizon in the U.S. The report identifies a change in the way DdoS attacks (define) are coordinated. There’s less emphasis on Layer-3 TCP and more on the weakness of DdoS mitigation devices.
Kapersky Lab reported the top 20 viruses in the month of May. Though there was not much movement, LoveGate and Zafi swapped the five and six spots. A new version of the German worm, Sober.p jumped into seventh place after first being detected on May second.
Kaspersky Lab Top 20 Virus Report, May 2005 | |
---|---|
Rank | Virus |
1 | Net-Worm.Win32.Mytob.c |
2 | Email-Worm.Win32.NetSky.q |
3 | Email-Worm.Win32.NetSky.aa |
4 | Email-Worm.Win32.NetSky.b |
5 | Email-Worm.Win32.Zafi.b |
6 | Email-Worm.Win32.LovGate.w |
7 | Email-Worm.Win32.Sober.p |
8 | Net-Worm.Win32.Mytob.u |
9 | Email-Worm.Win32.Zafi.d |
10 | Net-Worm.Win32.Mytob.q |
11 | Email-Worm.Win32.Mydoom.l |
12 | Net-Worm.Win32.Mytob.h |
13 | Net-Worm.Win32.Mytob.t |
14 | Worm.Win32.Eyeveg.f |
15 | Email-Worm.Win32.NetSky.d |
16 | Net-Worm.Win32.Mytob.au |
17 | Email-Worm.Win32.Mydoom.m |
18 | Net-Worm.Win32.Mytob.ar |
19 | Email-Worm.Win32.NetSky.t |
20 | Email-Worm.Win32.NetSky.x |
Source: Kaspersky Lab, 2005 |