Spam evolution: September 2009

by Maria Namestnikova - VirusList.com - Thursday, 12 November 2009.

Spam in email traffic

The amount of spam detected in email traffic averaged 86.3% in September 2009. A low of 83.3% was recorded on 18 September with a peak value of 91.3% being reached on 27 September. Most noticeably, for the first time ever Kaspersky Lab’s records show that the quantity of spam received by users throughout September 2009 did not drop below 83%.



Malicious files were found in 1.22% of all email messages, an increase of 1.17 percentage points compared to the previous month's figure.

Malicious attachments in spam



During September there was a major reshuffle of the Top10 malicious programs to be found in spam messages. The NetSky worm family, which was last month’s leader, lost its position this month. In August one third of all infected messages belonged to this family, whilst in September only one variant, the Win32.NetSky.q worm, remained in the Top10 – sitting at number 10 on the list.

The clear leader this month, counted as a family, is the FraudTool Trojan family: almost half of all infected messages carried one of its variants. As the name suggests, these Trojans install a rogue (fake) antivirus program on the user's computer, a type of malware that is very much in vogue at present. Rather unexpectedly, first place among individual programs in the Top10 went to Trojan-Downloader.Win32.Murlo.cba, a fairly old variant found in 28.5% of malicious spam attachments.


Perhaps contrary to expectations, the Zbot Trojan family is rather poorly represented in the Top10 for September. Trojan-Spy.Win32.Zbot.gen took 9th place with just 0.81% of the infected messages. Trojan-Spy.Win32.Zbot.gen is a spy Trojan designed to steal a user’s confidential data. Interestingly, the Bredolab backdoor family, which was among the most popular malicious programs during August, has slipped out of the September Top10 completely.

In order to distribute their malicious content, spammers fell back on one of their old methods: a zipped file attached to convincing-looking notifications supposedly from the respected courier firms DHL and UPS. This type of spam first appeared between the end of May and the beginning of June 2009; in September spammers started to use it more actively. Interestingly, September's DHL-spam differs considerably from June's. Firstly, in June DHL-spam targeted a German audience and was written in German. Secondly, in June the malicious file was not attached as a zip archive; it was hosted on a web page to which the message linked.

During September the situation changed, with DHL-spam becoming UPS-spam’s ‘twin brother’, while the UPS-spam itself remained unchanged. This means that spammers are learning to use each other’s technological ruses.
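The courier-notification lure described above (a zip archive attached to a message posing as DHL or UPS, with an executable inside) is easy to flag at a mail gateway before the user ever opens the attachment. The following is an added example, not code from the original report or from Kaspersky Lab: it builds a constructed sample message in that style, inspects each attachment, opens any zip archive in memory and reports executables found inside, and combines that with a check of the From/Subject headers for the impersonated courier brand. The sender address, subject lines, file names and extension list are all assumptions made for the example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Brands impersonated by the lure discussed in the report; extension list is an assumption.
COURIER_BRANDS = ("dhl", "ups")
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def build_sample_lure() -> bytes:
    """Constructed sample: fake UPS notice with a zip holding a (harmless) fake .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS_invoice_2009.exe", b"MZ constructed sample, not a real program")
    msg = EmailMessage()
    msg["From"] = "UPS Notification <notify@ups-delivery.example>"  # assumed address
    msg["To"] = "victim@example.net"
    msg["Subject"] = "UPS Delivery Problem NR 12345"
    msg.set_content("Dear customer, we could not deliver your parcel. "
                    "Please print the attached invoice and collect it at our office.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="UPS_invoice.zip")
    return msg.as_bytes()


def build_benign_message() -> bytes:
    """Constructed sample: a DHL-branded message with only a PDF attached (no finding expected)."""
    msg = EmailMessage()
    msg["From"] = "DHL Tracking <tracking@dhl.example>"  # assumed address
    msg["To"] = "victim@example.net"
    msg["Subject"] = "DHL shipment 987654 delivered"
    msg.set_content("Your shipment was delivered. Receipt attached.")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="receipt.pdf")
    return msg.as_bytes()


def zip_members(data: bytes) -> list[str]:
    """Return member names of an in-memory zip; an empty list if it is not a valid archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def courier_lure_findings(raw: bytes) -> list[str]:
    """Inspect a raw RFC 822 message and describe why it looks like a courier-themed malware lure."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    header_text = " ".join((msg.get("From", ""), msg.get("Subject", ""))).lower()
    brand = next((b for b in COURIER_BRANDS if b in header_text), None)

    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Match on the zip magic as well as the extension so a renamed archive is not missed.
        if name.endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            members = zip_members(payload)
            if not members:
                findings.append(f"attachment {name!r} claims to be a zip but is not a valid archive")
            execs = [m for m in members if m.lower().endswith(EXECUTABLE_EXTENSIONS)]
            if execs:
                findings.append(f"zip attachment {name!r} contains executable(s): {execs}")
        elif name.endswith(EXECUTABLE_EXTENSIONS):
            findings.append(f"bare executable attachment {name!r}")

    # The brand alone is not a finding (legitimate courier mail exists); brand plus a
    # dangerous attachment is the pattern the report describes.
    if brand and findings:
        findings.insert(0, f"sender/subject impersonates {brand.upper()} with a suspicious attachment")
    return findings


if __name__ == "__main__":
    for label, raw in (("lure", build_sample_lure()), ("benign", build_benign_message())):
        print(label, courier_lure_findings(raw))
```

In production the same inspection would run on the gateway's MIME stream rather than on a constructed message, and the zip check should be paired with a size limit before opening archives in memory, since an attacker controls the archive contents.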
