The Deadly Duo: Spam and Viruses, October 2005
Sony’s DRM software opens a wide doorway to malicious attacks.
New opportunities for intruders arose in October. In addition to ports open to bad operators, malware found a place to hide from security software. Rootkit software used by Sony BMG Music Entertainment to handle digital rights management (DRM) on content-protected CDs allowed certain Trojans to hide behind Sony’s copy-protection code.
Security software firms including Sophos and Symantec were quick to provide protection to users vulnerable to attack. However, Sophos Senior Technology Consultant Graham Cluley said the firm wouldn’t be surprised if more malware authors try to take advantage of the security hole. In a survey of 1,500 business PC users conducted by Sophos, respondents cited Sony’s DRM copy protection as a security threat (98 percent) rather than a fair way to fight music pirates (two percent). The Sony unit discontinued using the DRM software and will allow exchanges for consumers who purchased the discs.
Additional warnings from Sophos included a “health warning” in reaction to a high number of spam emails selling drugs claiming to combat bird flu.
Symantec found North America to have the highest percentage of spam sent in October. North America accounted for 54 percent of spam sent worldwide; Asia dispersed 24 percent; 18 percent of spam originated in Europe; and South America, Australia and Oceania, and Africa were responsible for less than five percent combined.
The high percentage of spam hailing from North America is attributed to widespread access to cheaper broadband connectivity. Much of the spam is likely sent from hijacked desktop computers.
The holiday season means more interest in gifts than pharmaceuticals, a trend spammers recognize. Commtouch found spam hawking gifts topped pharmaceuticals for the first time in over two years. In October, spam accounted for 74 percent of Commtouch’s global user base email traffic. Spam accounted for 82 percent of all incoming messages to personal accounts and 62 percent in corporate inboxes. Corporate America receives the most spam; 86 percent of incoming mail is classified as spam. Holland follows with 78 percent. Austria (29 percent) and Hungary (36 percent) receive the lowest percentages of spam.
Top Sent Spam Categories, October 2005

Topic | Percentage | Popular Examples
---|---|---
Gifts | 21.08 | Replicas of brand names (Rolex, Louis Vuitton)
Pharmaceuticals | 19.93 | “Your doc thinks you’re a millionaire”
Sexual enhancers and dieting | 19.69 | “What every woman has been looking for”
Finance | 18.77 | Mortgage refinancing
Porn and dating | 12.63 | “Don’t be lonely for another minute”
Software | 3.47 | Low-cost Microsoft Windows and Office software
Fraud | 2.09 | Stock recommendation, 419 scams, phishing
Other | 2.34 |

Source: Commtouch, 2005

October saw new malicious programs surface. Kaspersky Lab analysts added 1,400 new records to their anti-virus databases. The top 20 viruses include a few Doombots, one of which was originally thought to be a variant of the Mytob virus. Three late-entry variants of the email worm Win32.Sober pose a threat to users. The Sober.u, Sober.v, and Sober.w variants will likely top the list of threats in the next month.
Top 20 Virus Threats, October 2005

Rank | Virus | Percentage
---|---|---
1 | Net-Worm.Win32.Mytob.c | 14.56
2 | Email-Worm.Win32.Doombot.b | 10.27
3 | Email-Worm.Win32.Zafi.d | 7.92
4 | Net-Worm.Win32.Mytob.bi | 6.80
5 | Email-Worm.Win32.LovGate.w | 5.27
6 | Email-Worm.Win32.NetSky.q | 3.66
7 | Email-Worm.Win32.Doombot.d | 3.27
8 | Email-Worm.Win32.NetSky.b | 3.08
9 | Net-Worm.Win32.Mytob.bk | 3.03
10 | Net-Worm.Win32.Mytob.t | 2.51
11 | Net-Worm.Win32.Mytob.y | 2.35
12 | Net-Worm.Win32.Mytob.be | 2.22
13 | Net-Worm.Win32.Mytob.q | 2.10
14 | Net-Worm.Win32.Mytob.u | 2.08
15 | Email-Worm.Win32.Zafi.b | 1.59
16 | Email-Worm.Win32.Fanbot.f | 1.46
17 | Email-Worm.Win32.Bagle.dx | 1.24
18 | Trojan-Spy.HTML.Bayfraud.hn | 1.22
19 | Net-Worm.Win32.Mytob.r | 1.20
20 | Email-Worm.Win32.NetSky.aa | 1.16
 | Other malicious programs | 23.01

Source: Kaspersky Lab, 2005