Internet Threats
Trend Report


April 2012
April 2012 Threat Report


           The following is a condensed version
              of the April 2012 Commtouch
              Internet Threats Trend Report

     You can download the complete report at
     http://www.commtouch.com/threat-report-april-2012




Copyright© 2012 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and
Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent
No. 6,330,590 is owned by Commtouch.



1   Key Highlights

2   Trends: Malware, Spam, Web Security, Compromised Websites and Zombies
Key Highlights for Q1 2012
Key Security Highlights


Average daily spam/phishing
        emails sent
     94 Billion


  Spam levels dropped in Q1


            Spam Zombie daily turnover

                   270,000 Zombies


              Up from 209,000 in Q4, 2011
(Zombie turnover is the number of zombies turned off and on daily)


         Most popular blog topic on
         user generated content sites
                 Streaming media/
                 downloads (22%)

          Streaming media & downloads
               remains in top spot
Includes sites with MP3 files or music related sites such as fan
  pages (these might also be categorized as entertainment)



      Most popular spam topic
            Pharmacy Ads
            (39% of all spam)

               Up 8% over Q4 2011
2nd place Replica spam also increased by over 5%


Country with the
 most Zombies
  India (19.2%)


India still #1 but dropped from
    nearly 24% in Q4 2011.


         Website category most likely to
         be compromised with malware

               Pornography/Explicit



•   “Parked domains” dropped to 2nd spot
•   New entrant “Fashion & Beauty” captured 3rd place
Trends in Q1 2012…




  Spam Trends
Q1 Spam Trends
• Marginal increase in spam during the December 2011 holiday season
• Otherwise, spam remained low vs. Q1 2011 – avg decrease nearly 40%
• Average daily spam levels dropped to 94 billion spam and phishing
  emails/day


Chart: Spam levels – Dec 2011 to March 2012 (Source: Commtouch)

•   Spam averaged 75% of all emails in Q1



Chart: Spam % of all emails - Dec 2011 to Mar 2012 (Source: Commtouch)

Replica spam affiliate program “GlavTorg” closes

• Spam affiliate programs provide the link between fake
  pharmaceuticals and replica manufacturers and spammers
• Dec 2011 - GlavTorg (affiliate focused on replica handbags and
  clothing) announced it would stop affiliate payouts at end of
  Jan’12
• Commtouch Labs evaluated the effect of the closure with
  introduction of the “spam-subject cloud tool”
   – Samples thousands of spam messages at definable intervals
   – Frequency of spam terms indicated by text size
• Spam subjects used in massive quantities are instantly
  distinguishable.
• Spam topics cloud for the end of January 2012 shows no
  evidence of GlavTorg related products
• Spam levels for the period show no obvious increase or decrease
  around dates when payments were stopped
• Conclusion:
  Spammers have apparently easily realigned their activities.

Figure: Spam Topics Cloud for End of January 2012 (Source: Commtouch)

Spam cloud for Entire Q1 2012
Subjects include:
•   Pharmaceuticals (Viagra, Cialis)
•   Replicas (Rolex, Breitling)
•   Enhancers
•   Software (CS5, Windows, Adobe)
•   “Dating”
     – Present, but due to the great variance of subject words, are less
       prominent

Figure: Spam Topics Cloud for Q1 2012 (Source: Commtouch)

                      Spam Topics in Q1
• Pharmacy spam continued to increase, as it did last quarter, to nearly
  39% of all spam (~8% more than the previous quarter)
• Replica-themed spam also increased in Q1 by over 5%




                                                       Source: Commtouch
Top Faked (Spoofed) Spam Sending Domains*
• gmail.com is once again the most spoofed domain (increasing above 25% for
  the first time)
• The top 15 features popular social networking and mail sites (AOL, Yahoo,
  Facebook, LinkedIn, MySpace) as well as DHL.com – often used as part of
  email malware attacks

* Domains used by spammers in the “from” field of the spam emails.
Source: Commtouch




Find out more about Spam Trends in Q1 by
     downloading the complete April
      Internet Threats Trend Report
http://www.commtouch.com/threat-report-april-2012
Trends in Q2 2012…




  Malware Trends
Q1 Malware Trends

Did cybercriminals target accountants?

• The scale of a February attack was so large that it
  certainly must have worked on many CPAs – but
  also many other individuals

• Attacks included subjects such as:
   • “Fraudulent tax return assistance accusations”
   • “Your accountant license can be revoked”
   • “Your accountant cpa license termination”
   • “Income tax return fraud accusations”
How it worked
• Clicking on the link downloaded a short HTML page that
  promises “Page is loading, please wait. You will see tax info
  on this screen.”
• In the background, a small script creates a nested iFrame, which
  brought in more JavaScript, creating further dynamic content
• The process repeated until a large portion of malware code was activated

Figure: Phony accountant tax fraud emails lead to malware (Source: Commtouch)

• 2 weeks later a similarly sized attack targeted accounting
  practitioners and the small business market
• Method this time was by describing fictitious purchases of
  Intuit accounting software.
• Subject lines included:
   –   Your QuickBooks software order
   –   Your Intuit.com order
   –   Your Intuit.com invoice
   –   Please confirm your Intuit.com invoice
• The malware downloaded and deployed in the same way as
  described above in previous attack

Source: Commtouch

Email attached malware levels generally low Q1 2012

• Malware distributors generally stuck to popular malware
  topics, such as Fedex delivery notices.
• Several other interesting social engineering techniques were
  also used during the quarter:
   –   Google have received your CV (with an attached CV submission form)
   –   Your friend invited you to Twitter (with an attached “invitation card”)
   –   Someone wanting to be your friend on Hi5 (a social network)
   –   Shipping updates for your Amazon.com order (with attached “shipping
       documents”)
   –   American Airlines ticket confirmations
   –   “I love you” (containing only the text “lovely :-)” and phony assurance
       that F-Secure Antivirus had found no virus in the attachment)
   –   Sex pictures (with an attached zip referring to www.freeporn4all). Once
       extracted, a typical Explorer view shows a file named “document.txt”.
       Widening the filename column reveals the true “.exe” extension of the
       malware (following multiple space characters) – an old trick but
       probably still effective.
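
The padded-filename trick described above can be checked for at a mail gateway or during attachment triage. The following is an added example, not taken from the Commtouch report: it lists archive members whose real extension is executable but whose name carries a decoy extension or a long run of whitespace. The extension sets, the three-character padding threshold and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import re
import zipfile
from dataclasses import dataclass

# Assumed policy sets (not exhaustive): extensions Windows runs on double-click,
# and harmless-looking extensions commonly used as the visible decoy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".png", ".xls"}

# Three or more consecutive whitespace characters (Unicode spaces included)
# are treated as padding meant to push the real extension out of view.
PADDING_RUN = re.compile(r"\s{3,}")


@dataclass
class Finding:
    name: str        # member file name without directories
    real_ext: str    # extension the operating system will act on
    decoy_ext: str   # extension the user sees first, "" if none
    padding: int     # length of the longest whitespace run in the name


def inspect_name(member_name):
    """Return a Finding if the name hides an executable extension, else None."""
    base = posixpath.basename(member_name.replace("\\", "/"))
    stem, real_ext = posixpath.splitext(base)
    real_ext = real_ext.lower()
    if real_ext not in EXECUTABLE_EXTS:
        return None
    padding = max((len(m.group()) for m in PADDING_RUN.finditer(stem)), default=0)
    # What the user sees once the padding is cut off by a narrow column.
    decoy_ext = posixpath.splitext(stem.rstrip())[1].lower()
    if decoy_ext not in DECOY_EXTS:
        decoy_ext = ""
    if not padding and not decoy_ext:
        return None  # a plain executable: a separate policy decision
    return Finding(base, real_ext, decoy_ext, padding)


def scan_zip(data):
    """Inspect every file name in a zip archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            finding = inspect_name(info.filename)
            if finding is not None:
                findings.append(finding)
    return findings


def build_sample_zip():
    """Constructed sample archive; the member contents are inert placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("document.txt" + " " * 40 + ".exe", b"placeholder")
        archive.writestr("readme.txt", b"placeholder")
        archive.writestr("tools/setup.exe", b"placeholder")
        archive.writestr("invoice.pdf.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip(build_sample_zip()):
        print(f"{f.name!r}: shown as {f.decoy_ext or '(none)'}, "
              f"runs as {f.real_ext}, padding={f.padding}")
```

Only file names are inspected, so a renamed executable with a single benign extension is out of scope and needs content-based checks.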

           Top 10 Malware of Q1 2012

Rank Malware name                      Rank Malware name

 1   W32/InstallCore.A2.gen!Eldorado    6   W32/Sality.gen2
 2   W32/RLPacked.A.gen!Eldorado        7   W32/HotBar.L.gen!Eldorado
 3   W32/Sality.C.gen!Eldorado          8   W32/Vobfus.AD.gen!Eldorado
 4   W32/Heuristic-210!Eldorado         9   JS/Pdfka.CI.gen
 5   W32/RAHack.A.gen!Eldorado         10   W32/Korgo.V

                                                              Source: Commtouch




 For a complete analysis of Malware in Q1 and the
specific attacks employed, download the complete
      April 2012 Internet Threats Trend Report
  http://www.commtouch.com/threat-report-april-2012
Trends in Q1 2012…




  Web Security
Q1 Web Security
Facebook “unwatchable video” scam
• Several variants of this scam have appeared on Facebook in the last
  few months
• January’s version starts with a friend’s post that looks something
  like this:




Figure: the friend’s post (Source: Commtouch)


• The link takes clickers to a Blogspot page which has been very convincingly
  designed to look like a Facebook page with an embedded video player.
    – None of the buttons on the page are actually clickable
• Visitors are informed that they need the Divx plugin/YouTube Premium plugin
• Clicking on the download link runs a malicious link that:
   – Posts a link on the user’s wall to attract more users to
     click on the link
   – Installs Firefox or Chrome extensions (depending on
     browser), used to redirect users to several further scams.
   – Redirections happen regardless of the site user actually
     intended to go to. One of the redirections is to a scam
     offering a $50 Starbucks gift card. After coaxing the
     Facebook user to like and share the link they are led to
     an affiliate marketing site.
Q1 Compromised Websites


See more examples of compromised websites


   Download the complete April 2012 Internet
     Threats Trend Report for more details
  http://www.commtouch.com/threat-report-april-2012
Q1 Compromised Websites
    Website categories infected with malware
• Pornographic sites climbed back up to the top spot pushing down Parked
  domains. As noted in previous reports, the hosting of malware may well
  be the intention of the owners of the parked domains and pornography
  sites.
• A new entry into the top 3 is “Fashion and Beauty” sites

 Rank             Category              Rank               Category
   1    Pornography/Sexually Explicit     6    Education
   2    Parked Domains                    7    Health & Medicine
   3    Fashion and Beauty                8    Computers & Technology
   4    Portals                           9    Business
   5    Entertainment                    10    Leisure & Recreation
                                                             Source: Commtouch
Compromised Websites: An Owner’s Perspective
• Commtouch, in cooperation with StopBadware, undertook a survey of
  webmasters whose sites had been compromised
• The report presents statistics & opinions on how site owners navigate the
  process of learning their sites have been hacked and repairing the damage
• Some results
    – Over 90% of respondents didn't notice any strange activity, despite the fact
      that their sites were being abused to send spam, host phishing pages, or
      distribute malware.
    – Nearly two-thirds of the webmasters surveyed didn't know how the
      compromise had happened
    – About half of site owners discovered the hack when they attempted to visit
      their own site and received a browser or search engine warning


View the complete list of findings by downloading the full report
     http://www.commtouch.com/compromised-websites-report-2012
Phishing Trends
• Phishing attacks target account
  information for many services:
   – Banks, email and social network
     accounts, and online games.
• Commtouch’s Security Blog has also
  featured phishing aimed at Google
  Adwords customers.
• In January, a similar phishing attack
  was directed at Microsoft adCenter
  users. The links in the email led to a
  very convincing replica of the
  adCenter login page.
    Website categories infected with phishing
• During the first quarter of 2012, Commtouch analyzed which categories of
  legitimate Web sites were most likely to be hiding phishing pages (usually
  without the knowledge of the site owner).
• Portals (offering free website hosting) jumped into the highest position.
  Sites related to games (the previous leader), dropped off the list.

     Rank              Category            Rank            Category
       1    Portals                          6    Sports
       2    Shopping                         7    Leisure & Recreation
       3    Fashion & Beauty                 8    Health and medicine
       4    Education                        9    Real Estate
       5    Business                        10    Personal sites
                                                           Source: Commtouch




 Download the complete April 2012 Internet
   Threats Trend Report for more details
http://www.commtouch.com/threat-report-april-2012
Trends in Q1 2012…




  Zombie Trends
Q1 Zombie Trends
               Daily Turnover of Zombies in Q1
• Average turnover: 270,000 newly activated each day sending spam
  (increase from 209,000 in Q4 2011)
• Large drop at start of Nov apparently result of Esthost botnet takedown
• Although Esthost primarily used for DNS changing (redirecting Web
  requests to malicious sites), some apparently also used to send spam
• Since start of 2012, spammers have worked to source new zombies
Chart: Daily newly activated spam zombies: Oct 2011 to Mar 2012 (Source: Commtouch)

Worldwide Zombie Distribution in Q1
Chart: Worldwide zombie distribution in Q1 (Source: Commtouch)

• India again claimed top zombie producer title, but dropped below
  20% from nearly 24% in Q4 2011
• Brazil and Russian Federation both climbed back up to the 2nd and
  3rd positions, respectively
• Argentina, Poland and Italy joined the top 15, displacing The
  United States, Romania and Ukraine
Q4 Zombie Trends




 Download the complete April 2012 Internet
   Threats Trend Report for more details
http://www.commtouch.com/threat-report-april-2012
Trends in Q1 2012…




  Web 2.0 Trends
Q1 Web 2.0 Trends
                                 Web 2.0 Trends
• “Streaming media and downloads” was the most popular blog or page topic
  again in Q2, remaining at 22%.
Rank              Category             %     Rank        Category              %
  1    Streaming Media & Downloads     22%    8     Religion                  5%
  2    Computers & Technology          8%     9     Sports                    4%
  3    Entertainment                   7%     10    Education                 4%
  4    Pornography/Sexually Explicit   5%     11    Leisure & Recreation      3%
  5    Restaurants & Dining            5%     12    Health & Medicine         3%
  6    Fashion & Beauty                5%     13    Games                     3%
  7    Arts                            5%     14    Sex Education             2%
                                                                    Source: Commtouch

The streaming media & downloads category includes sites with MP3 files or
music related sites such as fan pages.
Download the complete April 2012
     Internet Threats Trend Report
                   at
http://www.commtouch.com/threat-report-april-2012
For more information contact:
      info@commtouch.com
    650 864 2000 (Americas)
 +972 9 863 6895 (International)

   Web: www.commtouch.com
Blog: http://blog.commtouch.com

Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

April 2012 Threats Trend Report

  • 2. April 2012 Threat Report The following is a condensed version of the April 2012 Commtouch Internet Threats Trend Report You can download the complete report at http://www.commtouch.com/threat-report-april-2012 Copyright© 2012 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
  • 3. April 2012 Threat Report
      1. Key Highlights
      2. Trends: Malware, Spam, Web Security, Compromised Websites and Zombies
  • 5. Key Security Highlights. Average daily spam/phishing emails sent: 94 Billion. Spam levels dropped in Q1.
  • 6. Key Security Highlights. Spam Zombie daily turnover: 270,000 Zombies. Up from 209,000 in Q4, 2011. (Zombie turnover is the number of zombies turned off and on daily.)
  • 7. Key Security Highlights. Most popular blog topic on user generated content sites: Streaming media/downloads (22%). Streaming media & downloads remains in top spot. Includes sites with MP3 files or music related sites such as fan pages (these might also be categorized as entertainment).
  • 8. Key Security Highlights. Most popular spam topic: Pharmacy Ads (39% of all spam). Up 8% over Q4 2011. 2nd place Replica spam also increased by over 5%.
  • 9. Key Security Highlights. Country with the most Zombies: India (19.2%). India still #1 but dropped from nearly 24% in Q4 2011.
  • 10. Key Security Highlights. Website category most likely to be compromised with malware: Pornography/Explicit
      • “Parked domains” dropped to 2nd spot
      • New entrant “Fashion & Beauty” captured 3rd place
  • 11. Trends in Q1 2012… Spam Trends
  • 12. Q1 Spam Trends
      • Marginal increase in spam during the December 2011 holiday season
      • Otherwise, spam remained low vs. Q1 2011 – avg decrease nearly 40%
      • Average daily spam levels dropped to 94 billion spam and phishing emails/day
      [Chart: Spam levels – Dec 2011 to March 2012. Source: Commtouch]
  • 13. Q1 Spam Trends
      • Spam averaged 75% of all emails in Q1
      [Chart: Spam % of all emails - Dec 2011 to Mar 2012. Source: Commtouch]
  • 14. Q1 Spam Trends: Replica spam affiliate program “GlavTorg” closes
      • Spam affiliate programs provide the link between fake pharmaceuticals and replica manufacturers and spammers
      • Dec 2011 - GlavTorg (affiliate focused on replica handbags and clothing) announced it would stop affiliates payouts at end of Jan’12
      • Commtouch Labs evaluated the effect of the closure with introduction of the “spam-subject cloud tool”
          – Samples thousands of spam messages at definable intervals
          – Frequency of spam terms indicated by text size
      • Spam subjects used in massive quantities are instantly distinguishable.
  • 15. Q1 Spam Trends
      • Spam topics cloud for the end of January 2012 shows no evidence of GlavTorg related products
      • Spam levels for the period show no obvious increase or decrease around dates when payments were stopped
      • Conclusion: Spammers have apparently easily realigned their activities.
      [Figure: Spam Topics Cloud for End of January 2012. Source: Commtouch]
  • 16. Q1 Spam Trends: Spam cloud for Entire Q1 2012
      Subjects include:
      • Pharmaceuticals (Viagra, Cialis)
      • Replicas (Rolex, Breitling)
      • Enhancers
      • Software (CS5, Windows, Adobe)
      • “Dating” – Present, but due to the great variance of subject words, are less prominent
      [Figure: Spam Topics Cloud for Q1 2012. Source: Commtouch]
  • 17. Q1 Spam Trends: Spam Topics in Q1
      • Pharmacy spam continued to increase, as it did last quarter, to nearly 39% of all spam (~8% more than the previous quarter)
      • Replica-themed spam also increased in Q1 by over 5%
      Source: Commtouch
  • 18. Q1 Spam Trends: Top Faked (Spoofed) Spam Sending Domains*
      • gmail.com is once again the most spoofed domain (increasing above 25% for the first time)
      • The top 15 features popular social networking and mail sites (AOL, Yahoo, Facebook, LinkedIn, MySpace) as well as DHL.com – often used as part of email malware attacks
      * Domains used by spammers in the “from” field of the spam emails.
      Source: Commtouch
  • 19. Q1 Spam Trends. Find out more about Spam Trends in Q1 by downloading the complete April Internet Threats Trend Report: http://www.commtouch.com/threat-report-april-2012
  • 20. Trends in Q2 2012… Malware Trends
  • 21. Q1 Malware Trends: Did cybercriminals target accountants?
      • The scale of a February attack was so large that it certainly must have worked on many CPAs – but also many other individuals
      • Attacks included subjects such as:
          • “Fraudulent tax return assistance accusations”
          • “Your accountant license can be revoked”
          • “Your accountant cpa license termination”
          • “Income tax return fraud accusations”
  • 22. Q1 Malware Trends: How it worked
      • Clicking on the link downloaded a short HTML page that promises “Page is loading, please wait. You will see tax info on this screen.”
      • In the background, a small script creates a nested iFrame, which brought in more JavaScript, creating further dynamic content
      • The process repeated until a large portion of malware code was activated
      [Figure: Phony accountant tax fraud emails lead to malware. Source: Commtouch]
  • 23. Q1 Malware Trends
      • 2 weeks later a similarly sized attack targeted accounting practitioners and the small business market
      • The method this time was to describe fictitious purchases of Intuit accounting software.
      • Subject lines included:
          – Your QuickBooks software order
          – Your Intuit.com order
          – Your Intuit.com invoice
          – Please confirm your Intuit.com invoice
      • The malware was downloaded and deployed in the same way as described above for the previous attack
      Source: Commtouch
  • 24. Q1 Malware Trends: Email attached malware levels generally low in Q1 2012
      • Malware distributors generally stuck to popular malware topics, such as Fedex delivery notices.
      • Several other interesting social engineering techniques were also used during the quarter:
          – Google have received your CV (with an attached CV submission form)
          – Your friend invited you to Twitter (with an attached “invitation card”)
          – Someone wanting to be your friend on Hi5 (a social network)
          – Shipping updates for your Amazon.com order (with attached “shipping documents”)
  • 25. Q1 Malware Trends (continued)
          – American Airlines ticket confirmations
          – “I love you” (containing only the text “lovely :-)” and phony assurance that F-Secure Antivirus had found no virus in the attachment)
          – Sex pictures (with an attached zip referring to www.freeporn4all). Once extracted, a typical Explorer view shows a file named “document.txt”. Widening the filename column reveals the true “.exe” extension of the malware (following multiple space characters) – an old trick but probably still effective
  • 26. Q1 Malware Trends: Top 10 Malware of Q1 2012
      Rank  Malware name
      1     W32/InstallCore.A2.gen!Eldorado
      2     W32/RLPacked.A.gen!Eldorado
      3     W32/Sality.C.gen!Eldorado
      4     W32/Heuristic-210!Eldorado
      5     W32/RAHack.A.gen!Eldorado
      6     W32/Sality.gen2
      7     W32/HotBar.L.gen!Eldorado
      8     W32/Vobfus.AD.gen!Eldorado
      9     JS/Pdfka.CI.gen
      10    W32/Korgo.V
      Source: Commtouch
  • 27. Q1 Malware Trends. For a complete analysis of Malware in Q1 and the specific attacks employed, download the complete April 2012 Internet Threats Trend Report: http://www.commtouch.com/threat-report-april-2012
  • 28. Trends in Q1 2012… Web Security
  • 29. Q1 Web Security: Facebook “unwatchable video” scam
      • Several variants of this scam have appeared on Facebook in the last few months
      • January’s version starts with a friend’s post that looks something like this: [Image of the post. Source: Commtouch]
      • The link takes clickers to a Blogspot page which has been very convincingly designed to look like a Facebook page with an embedded video player.
          – None of the buttons on the page are actually clickable
  • 30. Q1 Web Security
      • Visitors are informed that they need the Divx plugin/YouTube Premium plugin
      • Clicking on the download link runs a malicious link that:
          – Posts a link on the user’s wall to attract more users to click on the link
          – Installs Firefox or Chrome extensions (depending on browser), used to redirect users to several further scams.
          – Redirections happen regardless of the site user actually intended to go to. One of the redirections is to a scam offering a $50 Starbucks gift card. After coaxing the Facebook user to like and share the link they are led to an affiliate marketing site.
  • 31. Q1 Compromised Websites. See more examples of compromised websites. Download the complete April 2012 Internet Threats Trend Report for more details: http://www.commtouch.com/threat-report-april-2012
  • 32. Q1 Compromised Websites: Website categories infected with malware
      • Pornographic sites climbed back up to the top spot pushing down Parked domains. As noted in previous reports, the hosting of malware may well be the intention of the owners of the parked domains and pornography sites.
      • A new entry into the top 3 is “Fashion and Beauty” sites
      Rank  Category
      1     Pornography/Sexually Explicit
      2     Parked Domains
      3     Fashion and Beauty
      4     Portals
      5     Entertainment
      6     Education
      7     Health & Medicine
      8     Computers & Technology
      9     Business
      10    Leisure & Recreation
      Source: Commtouch
  • 33. Q1 Compromised Websites: Compromised Websites: An Owner’s Perspective
      • Commtouch, in cooperation with StopBadware, undertook a survey of webmasters whose sites had been compromised
      • The report presents statistics & opinions on how site owners navigate the process of learning their sites have been hacked and repairing the damage
      • Some results
          – Over 90% of respondents didn't notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware.
          – Nearly two-thirds of the webmasters surveyed didn't know how the compromise had happened
          – About half of site owners discovered the hack when they attempted to visit their own site and received a browser or search engine warning
      View the complete list of findings by downloading the full report: http://www.commtouch.com/compromised-websites-report-2012
  • 34. Q1 Compromised Websites: Phishing Trends
      • Phishing attacks target account information for many services:
          – Banks, email and social network accounts, and online games.
      • Commtouch’s Security Blog has also featured phishing aimed at Google Adwords customers.
      • In January, a similar phishing attack was directed at Microsoft adCenter users. The links in the email led to a very convincing replica of the adCenter login page.
  • 35. Q1 Compromised Websites: Website categories infected with phishing
      • During the first quarter of 2012, Commtouch analyzed which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner).
      • Portals (offering free website hosting) jumped into the highest position. Sites related to games (the previous leader), dropped off the list.
      Rank  Category
      1     Portals
      2     Shopping
      3     Fashion & Beauty
      4     Education
      5     Business
      6     Sports
      7     Leisure & Recreation
      8     Health and medicine
      9     Real Estate
      10    Personal sites
      Source: Commtouch
  • 36. Q1 Compromised Websites. Download the complete April 2012 Internet Threats Trend Report for more details: http://www.commtouch.com/threat-report-april-2012
  • 37. Trends in Q1 2012… Zombie Trends
  • 38. Q1 Zombie Trends: Daily Turnover of Zombies in Q1
      • Average turnover: 270,000 newly activated each day sending spam (increase from 209,000 in Q4 2011)
      • Large drop at start of Nov apparently result of Esthost botnet takedown
      • Although Esthost primarily used for DNS changing (redirecting Web requests to malicious sites), some apparently also used to send spam
      • Since start of 2012, spammers have worked to source new zombies
      [Chart: Daily newly activated spam zombies: Oct 2011 to Mar 2012. Source: Commtouch]
  • 39. Q1 Zombie Trends: Worldwide Zombie Distribution in Q1
      • India again claimed top zombie producer title, but dropped below 20% from nearly 24% in Q4 2011
      • Brazil and Russian Federation both climbed back up to the 2nd and 3rd positions, respectively
      • Argentina, Poland and Italy joined the top 15, displacing The United States, Romania and Ukraine
      Source: Commtouch
  • 40. Q4 Zombie Trends Download the complete April 2012 Internet Threats Trend Report for more details http://www.commtouch.com/threat-report-april-2012
  • 41. Trends in Q1 2012… Web 2.0 Trends
  • 42. Q1 Web 2.0 Trends
      • “Streaming media and downloads” was the most popular blog or page topic again in Q2, remaining at 22%.
      Rank  Category                        %
      1     Streaming Media & Downloads     22%
      2     Computers & Technology          8%
      3     Entertainment                   7%
      4     Pornography/Sexually Explicit   5%
      5     Restaurants & Dining            5%
      6     Fashion & Beauty                5%
      7     Arts                            5%
      8     Religion                        5%
      9     Sports                          4%
      10    Education                       4%
      11    Leisure & Recreation            3%
      12    Health & Medicine               3%
      13    Games                           3%
      14    Sex Education                   2%
      Source: Commtouch
      The streaming media & downloads category includes sites with MP3 files or music related sites such as fan pages.
  • 43. Download the complete April 2012 Internet Threats Trend Report at http://www.commtouch.com/threat-report-april-2012
  • 44. For more information contact: info@commtouch.com 650 864 2000 (Americas) +972 9 863 6895 (International) Web: www.commtouch.com Blog: http://blog.commtouch.com
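
Slide 25 describes an attachment whose name shows as “document.txt” until the column is widened to reveal “.exe” after a run of spaces. The check below is an added example, not part of the Commtouch report: it inspects zip member names for that padding and for decoy double extensions without extracting anything. The extension lists and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Assumed lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".png", ".xls"}


def inspect_name(name):
    """Return a finding dict if a member name hides an executable extension
    behind whitespace padding or a decoy extension, else None."""
    base = posixpath.basename(name.rstrip("/"))
    stem, real_ext = posixpath.splitext(base)
    real_ext = real_ext.lower().rstrip()
    if real_ext not in EXECUTABLE_EXTS:
        return None
    visible = stem.rstrip()              # what a narrow filename column shows
    padding = len(stem) - len(visible)   # whitespace before the real extension
    decoy_ext = posixpath.splitext(visible)[1].lower()
    reasons = []
    if padding >= 2:
        reasons.append("whitespace-padded extension")
    if decoy_ext in DECOY_EXTS:
        reasons.append("decoy extension")
    if not reasons:
        return None
    return {"visible": visible, "real_ext": real_ext,
            "padding": padding, "reasons": reasons}


def scan_zip(data):
    """Inspect every member name of a zip given as bytes (names only)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            finding = inspect_name(name)
            if finding:
                findings.append(finding)
    return findings


def build_sample_zip():
    """Constructed sample: harmless placeholder bytes under test names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt" + " " * 40 + ".exe", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
        zf.writestr("photos/holiday.jpg.scr", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

A plain “setup.exe” is not reported, because the check targets names built to mislead rather than executables in general; a mail gateway would normally block or quarantine both cases.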