The July 2012 edition of the Symantec Intelligence report provides the latest analysis of cyber security threats, trends, and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks.
2. About the Symantec Intelligence Report
The Symantec Intelligence report provides the latest analysis of
cyber security threats, trends and insights from the Symantec
Intelligence team concerning malware, spam, and other
potentially harmful business risks.
The data used to compile the analysis for this combined report
includes data from January through July 2012.
Symantec Intelligence 2
3. July 2011 Highlights
• A variety of scams surrounding the Olympics are playing out in
the threat landscape.
• Use of attack toolkits has now tripled, compared to the average
number of attacker per day during the second half of 2011.
• Blog roundup covering most interesting news in July.
• Spam – 67.6 percent (an increase of 0.8 percentage points since
June 2012)
• Phishing – One in 475.3 emails identified as phishing (a decrease
of 0.003 percentage points since June 2012)
• Malware – One in 340.9 emails contained malware (an decrease
of 0.023 percentage points since June 2012)
• Malicious Web sites – 2,189 Web sites blocked per day (an
increase of 4.0 percent since June 2012)
Symantec Intelligence 3
4. Olympic-related threats
• The number of spam and phishing scams discovered per day has
doubled since May.
• Attackers are taking Olympic mobile apps and rebundling them
with threats.
• Olympic-related hash tags on Twitter are being utilized by
attackers to spread malware.
• Scammers are creating Olympic-themed spam and phishing
schemes, seemingly sponsored by credit card companies.
Symantec Intelligence 4
5. Spam Rate & Sources
5
Spam Rate 79.0% Saudi Arabia 70.3% Education 67.8% 1-250
67.9% 251-500
76.2% Hungary 69.5% Engineering
67.6% 72.8% Oman
72.5% China
69.4% Non-Profit
69.0% Automotive
67.7% 501-1000
68.2% 1001-1500
68.5% 1501-2500
71.8% Russian Federation 68.9% Marketing/Media 68.1% 2501+
Last Month: 66.8%
Six MonthAvg.: 66.5% Top 5 Geographies Top 5 Verticals By Horizontal
67.6%
2006 2007 2008 2009 2010 2011 2012
Sources India 17.0%
Saudi Arabia 13.6%
Brazil 5.2%
Viet Nam 5.1%
Turkey 4.6%
Canada 4.4%
Pakistan 3.4%
United States 3.3%
Russian Federa on 2.4%
Korea (South) 2.3%
July 2012
9. Additional Spam Metrics
Global Spam Categories
Category Name June 2012 May 2012
Newsletters 57.22% 0.08%
Sex/Dating 23.46% 64.28%
Pharma 12.87% 18.76%
Watches 2.40% 2.94%
Software 1.54% 1.67%
Jobs 1.52% 4.72%
Casino 0.50% 5.24%
Degrees 0.18% 0.47%
Weight Loss 0.14% <0.01%
419/scam/lotto 0.08% 0.27%
Mobile 0.07% 0.09%
Symantec Intelligence 9
10. Phishing Rate & Sources
Phishing Rate 1 in 94.4 Netherlands 1 in 113.3 Public Sector 1 in 363.8 1-250
1 in 719.5 251-500
1 in 171.2 South Africa 1 in 285.9 Finance
1 in 475.3 1 in 244.9 Canada
1 in 272.5 United Kingdom
1 in 335.8 Education
1 in 372.7 Accom/Catering
1 in 926.0 501-1000
1 in 782.9 1001-1500
1 in 988.4 1501-2500
1 in 679.5 Belgium 1 in 471.0 Marketing/Media 1 in 418.3 2501+
Last Month: 1 in 467.6
Six MonthAvg.: 1 in 474.1 Top 5 Geographies Top 5 Verticals By Horizontal
1 in
475.3
2006 2007 2008 2009 2010 2011 2012
Sources United States 47.6%
United Kingdom 27.0%
Australia 10.4%
Canada 9.9%
South Africa 1.1%
Sweden 0.8%
Germany 0.7%
Netherlands 0.7%
Philippines 0.4%
Denmark 0.3%
July 201210
11. Phishing Rate & Sources
Phishing Web Sites Locations
Country June* May
United States 50.0% 48.8%
Germany 6.4% 6.3%
United Kingdom 4.4% 3.9%
Brazil 3.7% 4.7%
France 2.9% 3.0%
Canada 2.9% 2.9%
Russia 2.9% 2.4%
China 2.5% 2.6%
Netherlands 2.3% 2.2%
*Note: Data lags one month Poland 1.4% 1.4%
July 2011
11
12. Tactics of Phishing Distribution
Automated Toolkits 63.8%
Other Unique Domains 27.4%
IP Address Domains 4.3%
Free Web Hosting Sites 3.6%
Typosquatting 0.9%
Symantec Intelligence 12
13. Organizations Spoofed in Phishing Attacks, by Industry
Sector
Information Services 36.3%
Banking 33.0%
E-Commerce 28.0%
Telecommunications 1.4%
Communications 0.46%
Retail 0.44%
Government 0.37%
Insurance 0.021%
Retail Trade 0.014%
Security 0.011%
ISP 0.002%
Symantec Intelligence 13
14. Virus Rate
Virus Rate 1 in 82.2 Netherlands 1 in 85.3 Public Sector 1 in 214.4 1-250
1 in 365.0 251-500
1 in 216.6 United Kingdom 1 in 210.6 Education
1 in 340.9 1 in 260.9
1 in 275.0
Luxembourg
Canada
1 in 252.5 Marketing/Media
1 in 301.8 Finance
1 in 367.0 501-1000
1 in 404.4 1001-1500
1 in 470.3 1501-2500
1 in 436.6 South Africa 1 in 306.6 Accom/Catering 1 in 472.0 2501+
Last Month: 1 in 316.5
Six MonthAvg.: 1 in 331.4 Top 5 Geographies Top 5 Verticals By Horizontal
1 in
340.9
2006 2007 2008 2009 2010 2011 2012
Sources United Kingdom 40.0%
United States 30.8%
Canada 6.5%
Brazil 3.2%
Sweden 3.0%
Australia 2.7%
Germany 2.3%
Hong Kong 2.0%
Netherlands 1.6%
South Africa 1.3%
July 201214
16. New Malware and Spyware Sites Per Day
Web Security Services Activity:
New Malware Sites per Day
New sites with spyware 15/day
New sites with web viruses 2,174/day
Total 2,189/day
2008 2009 2010 2011 2012
Symantec Intelligence 16
18. Most Frequently Blocked Malware at the Endpoint
Malware Name % Malware
W32.Sality.AE 6.12%
W32.Ramnit!html 4.68%
W32.Downadup.B 4.24%
W32.Ramnit.B 4.15%
W32.Ramnit.B!inf 3.06%
W32.Virut.CF 1.89%
W32.Almanahe.B!inf 1.75%
W32.SillyFDC.BDP!lnk 1.71%
Trojan.Maljava 1.33%
W32.SillyFDC 1.22%
[1] For further information on these threats, please visit: http://www.symantec.com/business/security_response/landing/threats.jsp
Symantec Intelligence 18
19. Where to next?
• Web:
– www.symanteccloud.com/intelligence
– www.symantec.com/spam
• Twitter:
– @symanteccloud
Symantec Intelligence 19