Phishing: South Africa takes the bitter bait

Spam is currently at the lowest level since 2008

Symantec released its June 2011 Symantec Intelligence Report, the first Symantec report to combine the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam and Phishing Report.

This month’s analysis reveals that spam is currently at its lowest level since the November 2008 takedown of McColo, a California-based ISP that hosted command and control channels for a number of major botnets.

Since the shutdown of Rustock, the largest spam-sending botnet, in March 2011, the volume of spam in global circulation each day has continued to fluctuate. Spam accounted for 72.9% of email in June, returning to the same level as in April earlier this year. According to Symantec Intelligence, 76.6% of this spam was sent by botnets, compared with 83.1% in March.

“Despite the decrease in botnet spam this month, they should still be considered a dangerous force on the Internet. Cybercriminals continue to use botnets to conduct distributed denial of service attacks (DDoS), carry out fraudulent click-thrus on unsuspecting websites for financial gain, host illegal Web site content on infected computers, harvest personal data from infected users and install spyware to track victims’ activities online,” says Paul Wood, senior intelligence analyst, Symantec.cloud.

“Spam remains a huge problem and spam levels continue to be unpredictable. Following the disruption of Rustock in March, approximately 36.9 billion spam emails were in circulation each day during April. This number rose to 41.7 billion in May, before falling back to 39.2 billion in June.

“During the same period in 2010, spam accounted for 121.5 billion emails in global circulation each day, equivalent to 89.3% of email traffic in June 2010. Over a twelve month period, a drop of 68.7 percent in volume resulted in a fall of only 16.4% points in the overall global spam rate,” added Wood.

In the latest analysis, spam relating to pharmaceutical products accounted for 40% of all spam in June 2011, declining from 64.2 percent at the end of 2010. Spam subject line analysis shows that adult spam continues to flourish.

According to the Symantec Intelligence Report, spam messages promoting pharmaceutical products have been the most commonly seen spam attacks in June. Pharmaceutical products are deceptively marketed through spam emails employing a variety of obfuscation techniques. This month’s report highlights the changing nature of the spam-sending botnet landscape and online pharmacy spam using two different angles: a spoof of an online video sharing service and a new online pharmacy brand, perhaps seeking to exploit the popularity of the “wiki” name in a number of high-profile Web sites.

Last month, Symantec Intelligence also identified a new spam tactic, which introduced the “Wiki” name prefix to promote fake pharmaceutical products relating to a new pharmacy brand, WikiPharmacy. The text of the “Subject:” line in these attacks is heavily randomised. The “From:” header is either fake or that of a hijacked ISP account, which gives a personalised appearance to the email.

Other report highlights:

Spam: In June 2011, the global ratio of spam in email traffic decreased by 2.9% since May 2011 to 72.9% (1 in 1.37 emails).

Phishing: In June, phishing activity decreased by 0.06% since May 2011; one in 286.7 emails (0.349%) comprised some form of phishing attack.

E-mail-borne threats: The global ratio of email-borne viruses in email traffic was one in 300.7 emails (0.333%) in June, a decrease of 0.117% points since May 2011.

Web-based malware threats: In June, MessageLabs Intelligence identified an average of 5,415 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 70.8% since May 2011.

Endpoint threats: The most frequently blocked malware for the last month was W32.Ramnit!html. This is a generic detection for .HTML files infected by W32.Ramnit[1], a worm that spreads through removable drives and by infecting executable files. The worm spreads by encrypting and then appending itself to files with .DLL, .EXE and .HTM extensions.

Geographical Trends:

Spam

As the global spam level declined in June 2011, Saudi Arabia became the most spammed geography, with a spam rate of 82.2%, overtaking Russia, which moved into second position.

In the US, 73.7% of email was spam and 72.0% in Canada.

The spam level in the UK was 72.6%.

In The Netherlands, spam accounted for 73.0% of email traffic, 71.8% in Germany, 71.9% in Denmark and 70.4% in Australia.

In Hong Kong, 72.2% of emails were blocked as spam and 71.2% in Singapore, compared with 69.2% in Japan. Spam accounted for 72.3% of email traffic in South Africa and 73.4% in Brazil.

Phishing

South Africa remained the most targeted geography for phishing emails in June, with 1 in 111.7 emails identified as phishing attacks.

In the UK, phishing accounted for 1 in 130.2 emails.

Phishing levels for the US were 1 in 1,270 and 1 in 207.7 for Canada.

In Germany phishing levels were 1 in 1,375, 1 in 2,043 in Denmark and 1 in 543.7 in The Netherlands.

In Australia, phishing activity accounted for 1 in 565.2 emails and 1 in 2,404 in Hong Kong.

For Japan it was 1 in 11,179 and 1 in 2,456 for Singapore.

In Brazil, 1 in 409.8 emails were blocked as phishing attacks.

E-mail-borne threats

The UK remained the geography with the highest ratio of malicious emails in June, with one in 131.9 emails blocked as malicious.

In the US, virus levels for email-borne malware were 1 in 805.2 and 1 in 297.7 for Canada.

In Germany virus activity reached 1 in 721.0, 1 in 1,310 in Denmark and in The Netherlands 1 in 390.3.

In Australia, 1 in 374.5 emails were malicious and 1 in 666.5 in Hong Kong.

For Japan it was 1 in 2,114, compared with 1 in 946.7 in Singapore.

In South Africa, 1 in 280.9 emails and in Brazil, 1 in 278.9 emails contained malicious content.

Vertical trends:

The Public Sector remained the most targeted by phishing activity in June, with 1 in 83.7 emails comprising a phishing attack. Phishing levels for the Chemical & Pharmaceutical sector were 1 in 897.3 and 1 in 798.3 for the IT Services sector; 1 in 663.2 for Retail, 1 in 151.4 for Education and 1 in 160.8 for Finance.

With 1 in 73.1 emails being blocked as malicious, the Public Sector remained the most targeted industry in June. Virus levels for the Chemical & Pharmaceutical sector were 1 in 509.4 and 1 in 513.8 for the IT Services sector; 1 in 532.8 for Retail, 1 in 130.4 for Education and 1 in 182.3 for Finance.

Staff Writer