The Deadly Duo: Spam and Viruses, December 2005
December closed the book on a year with a significant increase in the number of targeted attacks on businesses and organizations.
December closed the book on a year with a significant increase in the number of targeted attacks on businesses and organizations.
December closed the book on a year with a significant increase in the number of targeted attacks on businesses and organizations, according to the “MessageLabs Intelligence 2005 Annual Security Report” published by MessageLabs.
The first half of the year saw higher volumes of spam, in line with 2004 recorded figures. The annual average percentage of spam was 68.6 percent, or one in every 1.46 email messages identified as spam. In 2004, the average was 72.3 percent, or one in every 1.38 email messages.
Phishing accounted for an annual average of 0.3 percent, or one in every 304 email messages. January was the peak month in terms of phishing, when one in every 126.5 email messages was identified as an attempt at phishing.
MessageLabs noticed an increase in the number of Trojan-borne email messages over the past year. Virus writers have shifted from sending mass-mailing viruses to sending more targeted Trojans through botnets (define). In addition, botnets have evolved from few networks of many zombie PCs to multiple networks of smaller groups of infected systems.
The top 20 virus list from Kaspersky Lab saw movement in December. The Zafi.d virus accounted for almost 30 percent of all malicious programs intercepted in December. The Doombot family subsided after just a few months of circulation, disappearing completely from the top 20 list. Meanwhile, the LovGate.w virus reached third place after several years of troubling computers worldwide.
Other malicious programs not on the top 20 list made up 15.07 percent of intercepted email traffic, indicating that a large number of worms and Trojans from other families still populate the Web.
Top 20 Virus Threats, December 2005 | ||
---|---|---|
Position | Name | Percentage |
1 | Email-Worm.Win32.Zafi.d | 29.17 |
2 | Net-Worm.Win32.Mytob.c | 17.30 |
3 | Email-Worm.Win32.LovGate.w | 6.07 |
4 | Email-Worm.Win32.Sober.y | 4.92 |
5 | Email-Worm.Win32.Zafi.b | 3.73 |
6 | Email-Worm.Win32.NetSky.b | 3.58 |
7 | Email-Worm.Win32.NetSky.q | 2.75 |
8 | Net-Worm.Win32.Mytob.t | 2.29 |
9 | Net-Worm.Win32.Mytob.u | 2.28 |
10 | Net-Worm.Win32.Mytob.q | 1.79 |
11 | Net-Worm.Win32.Mytob.bk | 1.54 |
12 | Net-Worm.Win32.Mytob.h | 1.45 |
13 | Trojan-Spy.HTML.Bayfraud.hn | 1.36 |
14 | Email-Worm.Win32.LovGate.ae | 1.35 |
15 | Email-Worm.Win32.NetSky.y | 1.00 |
16 | Net-Worm.Win32.Mytob.w | 0.96 |
17 | Net-Worm.Win32.Mytob.a | 0.96 |
18 | Email-Worm.Win32.Bagle.dx | 0.83 |
19 | Net-Worm.Win32.Mytob.y | 0.81 |
20 | Net-Worm.Win32.Mytob.x | 0.79 |
Other malicious programs | 15.07 | |
Source: Kaspersky Lab, 2006 |
Panda Software didn’t see an epidemic of virus circulation, it but warns the threat of becoming infected is still a concern. The firm detected a balance of Trojans and worms sent over 2005. It also identified botnets and financial fraud as growing threats.
Top Ten Malware Detected by Panda ActiveScan, 2005 | ||
---|---|---|
Rank | Malware | Frequency (%) |
1 | W32/Sdbot.ftp | 3.70 |
2 | W32/Netsky.P.worm | 2.95 |
3 | Trj/Qhost.gen | 2.29 |
4 | W32/Gaobot.gen.worm | 1.96 |
5 | Trj/Citifraud.A | 1.29 |
6 | Trj/Zapchast.D | 1.13 |
7 | W32/Parite.B | 1.03 |
8 | W32/Netsky.D.worm | 1.02 |
9 | W32/Sasser.ftp | 1.00 |
10 | VBS/Psyme.C | 0.97 |
Source: Panda Software, 2006 |
Bayesian firm Roaring Penguin evaluated the spam sent out over the month of December. It found most terms in the subject lines to be HTML or CSS (define) fragments, possibly drawn from Amazon.com’s HTML code. Top terms on the list of email messages filtered by the software were “search-browse,” “edit1,” and “go-button-software.”
Top 10 Spam Tokens, December 2005 | |
---|---|
Rank | Token |
1 | search-browse |
2 | edit1 |
3 | go-button-software |
4 | right-topnav-default-2 |
5 | cartwish |
6 | display-variation |
7 | Sysworks |
8 | browse-icon-windows |
9 | ripoffs |
10 | Pen1s |
Source: Roaring Penguin Software, 2006 |