Virus and phishing levels sky-rocket in September

The new data from MessageLabs Intelligence Report for September and 3rd quarter of 2007 reveals that virus and phishing levels have significantly increased, reaching levels not seen since early 2006. In addition, MessageLabs exposes a second wave of highly targeted C-level and senior management email attacks with increased sophistication and outreach.

With a virus threat now incorporated within every 48 emails, cyber-criminals are steering away from using the more obvious attachment method of distribution and favoring the use of links to malicious websites hosting malware code. This technique, which increased in popularity by approximately 15 percent this quarter, enables social engineering-based attacks such as e-postcards to be utilized.

Mirroring the recent resurgence in virus attacks, the volume of phishing threats has also reached exponential levels this month with every 87 emails comprising of a phishing attack. Through the increased availability of phishing kits and the uptake of aggressive phishing techniques such as ‘rock’ phishing, the quantity and severity of these attacks are able to increase dramatically. ‘Rock’ phishing utilized a phishing kit which enables a single compromised computer within a botnet to host multiple phishing sites at the same time.

“The start of the new school year seemed to bring back an increase in old-school threats and in high volumes. With email more ubiquitous than the telephone and one in 48 emails containing a virus, most people are unwittingly receiving more than one virus a day,” said Mark Sunner, Chief Security Analyst, MessageLabs. “As we enter the last quarter of 2007 and draw closer to the holiday season, the bad guys will be provided opportunity to disguise their attacks through the increase in genuine well-wishing emails and the anticipated upsurge in online shopping traffic. In addition, with the incessant rise of comprised machines through aggressive botnet activity, further spam level increases are anticipated.”

September is not just the month of mass-outreach attacks, the highly targeted approach is still rife. On September 12, more than 1,100 C-level and senior management executives became the target of another attack, thought to be from the same perpetrators of the June 26 C-level assault. With increased sophistication, the emails, which purport to be from a recruitment company, use a Microsoft error message to persuade the victims to click on the RFT attachment. Once opened, the RFT file contains an executable which drops two files onto the computer which in turn will be used to pass sensitive information back to the attacker.

Other report highlights:

Web Security: Analysis shows that 73.8 percent of the malware intercepted in September was new. Analysis of policy-based traffic highlighted that corporate tolerance of social networking sites is diminishing with Facebook being the most blocked site within the Personal’s and Dating category for SMBs and Friends Reunited top of the same category for the Enterprise.

Spam: In September, the global ratio of spam in email traffic from new and unknown bad sources, for which the recipient addresses were deemed valid, was 73.5 percent, a decrease of 0.5 percent on the previous month. When reviewing the overall spam rates on a quarterly basis, a drop of 0.9 percent was observed since Q2 2007.

Viruses: This month, the global ratio of viruses in email traffic from new and previously unknown bad sources destined for valid recipients was 1 in 48.8 emails (2.05 percent), an increase of 0.8 percent since last month. Virus and trojan levels have declined steadily since 2006, with the Q3 2007 rates of 1 in 67.2 emails being the highest quarterly level since Q2 2006.

Phishing: With an increase of 0.6 percent, one in 87.2 emails comprises of some form of phishing attack in September, the highest level to date. When judged as a proportion of all email-borne threats such as viruses and trojans, the number of phishing emails has risen by 9.7 percent to 56.0 percent of the malware threats intercepted in September. Over the last quarter, phishing rates have increased from 1 in 232.0 to 1 in 124.3.