The Deadly Duo: Spam and Viruses, July 2006

Virus fixes in July turned out to be haphazard. McAfee reportedly fixed a flaw in its ePolicy Orchestrator software unintentionally. Later reports said Symantec issued a faulty antivirus update affecting Symantec Norton Antivirus 2006, Norton Internet Security 2006, and Systemworks 2006. Symantec promptly issued a workaround to resolve the issue.

Spam touting stocks was targeted in “Spam Works: Evidence from Stock Touts and Corresponding Market Activity,” a report written jointly by Laura Frieder at Purdue University and Jonathan Zittrain from Harvard Law School and Oxford Internet Institute. The report looks at how spammers manipulate the market by buying penny stocks and sending spam touting the company the following day. The observation is that spammers “buy low, spam high.”

Sophos issued a warning on stock spam scams, and in particular pointed to a married couple in Greenwich, Conn., who were charged by federal regulators with making $1 million through a stock market pump-and-dump scam.

The firm also revealed the “dirty dozen” spam relaying countries for April to June. In order of spam relaying volumes: the U.S. (23.2 percent); China and Hong Kong (20 percent); South Korea (7.5 percent); France (5.2 percent); Spain (4.8 percent); Poland (3.6 percent); Brazil (3.1 percent); Italy (3 percent); Germany (2.5 percent); U.K. (1.8 percent); Taiwan (1.7 percent) and Japan (1.6 percent). Other countries account for 22 percent of spam relaying activity.

Phishing has become more present in the inbox. Estimates suggest that e-mails spoofing PayPal and eBay make up 75 percent of all phishing e-mails.

Top 10 Hoaxes Reported to Sophos, July 2006
Position Hoax Percentage of Reports
1 Olympic torch 12.8
2 Hotmail hoax 10.6
3 Justice for Jamie 4.5
4 Bonsai kitten 4.0
5 Meninas da Playboy 3.1
6 Budweiser frogs screensaver 2.6
6 Bill Gates fortune 2.6
7 MSN is closing down 2.4
8 Mobile phone hoax 2.3
9 A virtual card for you 1.9
Others 53.2
Source: Sophos Plc., 2006

Top 10 Malware, July 2006
Rank Malware Frequency (%)
1 W32/Netsky-P 19.3
2 W32/Mytob-AS 13.9
3 W32/Bagle-Zip 9.7
4 W32/Nyxem-D 6.3
5 W32/MyDoom-O 6.0
6 W32/Zafi-B 4.2
7 W32/Netsky-D 4.0
8 W32/Mytob-C 3.6
9 W32/Mytob-FO 1.7
10 W32/MyDoom-AJ 1.7
Others 29.6
Source: Sophos Plc., 2006

MessageLabs noticed the emergence of “smarter” spam attacks that abuse mobile text messaging and online social networking sites. While threats become more advanced, the global ratio of spam decreased slightly. Spam volume dipped 2.1 percent to 62.7 percent for the month. The highest volume was seen in Israel with 77.3 percent, and the lowest occurred in India with only 23.1 percent spam volumes. The mineral and fuel vertical saw the greatest increase in spam with a 10 percent jump. The business support services sector had the greatest virus rate with one in 12 e-mails delivering a virus.

A Ferris Research analyst issued a useful tip. In Germany, the law stipulates organizations must not delete spam once received by the mail exchanger (MX) server. Messages believed to be spam or malicious must be rejected before SMTP’s DATA transaction or quarantined. Analyst Richi Jennings suggests one solution: placing MX servers outside of Germany.

Computers are vulnerable to attack, according to Kaspersky Lab, which sees attacks as inevitable. Espionage is typically the virus writers’ goal, and over half the top 20 viruses are programs that use various methods to harvest user information and confidential data like bank account numbers.

Online Scanner Top 20 for July, 2006
Position Name Percentage
1 Trojan-Spy.Win32.Banker.anv 1.59
2 Trojan-Dropper.Win32.Microjoin.bx 1.41
3 Email-Worm.Win32.Rays 1.12
4 Email-Worm.Win32.Brontok.q 0.97
5 Trojan-Dropper.Win32.Agent.asl 0.91
6 not-a-virus:PSWTool.Win32.RAS.a 0.85
7 Trojan-Dropper.Win32.Agent.arv 0.83
8 Trojan-Downloader.Win32.Small.ddp 0.76
9 Packed.Win32.Klone.g 0.67
10 not-a-virus:AdWare.Win32.Delf.j 0.65
11 Trojan.Win32.VB.ami 0.64
12 Email-Worm.Win32.Bagle.gen 0.58
13 not-a-virus:Monitor.Win32.Perflogger.163 0.52
14 Backdoor.Win32.Rbot.gen 0.47
15 Virus.Win32.Parite.b 0.44
16 0.43
17 P2P-Worm.Win32.VB.dw 0.42
18 Virus.Win32.Hidraga 0.42
19 Trojan-Spy.Win32.Agent.gk 0.42
20 Trojan-Downloader.Win32.Obfuscated.n 0.42
Other malicious programs 85.48
Source: Kaspersky Lab, 2006
