Internet Threats Trend Report July 2012

Page 1: Commtouch july 2012 internet threats trend report

Internet Threats Trend Report

July 2012

July 2012 Threat Report

The following is a condensed version of the July 2012 Commtouch Internet Threats Trend Report

You can download the complete report at http://www.commtouch.com/threat-report-july-2012

Copyright© 2012 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.

Key Security Highlights

Trends in Q2 2012…

Malware Trends

Q2 Malware Trends

Blended attacks mix brands and malware

The attacks all included similar characteristics:

• Well-crafted emails matching those of known companies which were sent out in large volumes.
• The emails included links to multiple compromised websites which then redirected to the malware hosting websites.
• The compromised websites were often based on the WordPress content management system.
• The malware itself was mostly hosted on various .ru domains.
• The malware pages showed simple messages such as “Please Wait – Loading” (black text on white).
• The same Flash and Adobe Reader exploits were used in most of the malware

Q2 Malware Trends

Movie ticket hoax hides malware on Dropbox

• Email offers free movie tickets
• Clicking on the links leads to several redirects and scripts
• Download of file “entrada_cine.zip” from the following link:
  • https://dl.dropbox.com/u/689--025/bts/entrada_cine.zip

Q2 Malware Trends

Email-attached malware

• Increase over Q1 levels
• Sample attacks:
  • DHL tracking
  • “why did you put this photo online”

Q2 Malware Trends

Top 10 Malware of Q2 2012

Rank  Malware name
1     W32/RLPacked.A.gen!Eldorado
2     W32/InstallCore.A2.gen!Eldorado
3     W32/Sality.C.gen!Eldorado
4     W32/HotBar.L.gen!Eldorado
5     W32/Heuristic-210!Eldorado
6     W32/Sality.gen2
7     W32/RAHack.A.gen!Eldorado
8     W32/OnlineGames.FL.gen!Eldorado
9     W32/Vobfus.AD.gen!Eldorado
10    JS/Pdfka.EV.gen

Source: Commtouch

Q2 Malware Trends

For a complete analysis of Malware in Q2 and the specific attacks employed, download the complete July 2012 Internet Threats Trend Report

http://www.commtouch.com/threat-report-july-2012

Trends in Q2 2012…

Web Security

Malware and spam campaigns used compromised sites extensively

Q2 Compromised Websites

• Sample LinkedIn email leads to simple notice while malware is downloaded

• Legitimate site continues to function normally

Source: Commtouch

Website categories infected with malware

Q2 Compromised Websites

• Pornographic sites disappeared from the top 10 as many legitimate sites from different categories found themselves hacked and hosting malware

Source: Commtouch

Rank  Category
1     Education
2     Travel
3     Business
4     Entertainment
5     Restaurants and dining
6     Sports
7     Leisure & Recreation
8     Health & Medicine
9     Fashion and beauty
10    Streaming media and downloads

Phishing campaigns also using compromised sites

Q2 Compromised Websites

• Sample – Yahoo phishing uses compromised photography site from Romania

• Legitimate site continues to function normally

Source: Commtouch

Q2 Compromised Websites

• During the second quarter of 2012, Commtouch analyzed which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner).

• Portals (offering free website hosting) remained at the highest position.

Website categories infected with phishing

Rank  Category
1     Portals
2     Fashion & Beauty
3     Sports
4     Shopping
5     Education
6     Business
7     Arts
8     Streaming media and downloads
9     Computers and technology
10    Travel

Source: Commtouch

Q2 Web Security

Download the complete July 2012 Internet Threats Trend Report for more details

http://www.commtouch.com/threat-report-july-2012

Trends in Q2 2012…

Spam Trends

Q2 Spam Trends

Source: Commtouch

Spammers invent “Facebook Social”

Links lead via compromised sites to pharmacy sites

Q2 Spam Trends

Source: Commtouch

Phony MySpace, Facebook emails

Links lead to the “wikipharmacy”

Q2 Spam Trends

• Marginal decrease compared to previous quarter
• Average daily spam levels dropped to 91 billion spam and phishing emails/day

Source: Commtouch

Spam levels – Jan to June 2012

Spam Levels

• Spam averaged 76% of all emails in Q2

Q2 Spam Trends

Source: Commtouch

Spam % of all emails – Jan to June 2012

Spam %

Q2 Spam Trends

Subjects include:

• Pharmaceuticals (pills, pfizer)
• Replicas (Breitling, replica)
• Enhancers

Source: Commtouch

Spam cloud for Q2 2012

Q2 Spam Trends

• Pharmacy spam continued to increase, as it did last quarter, to nearly 41% of all spam (~3% more than the previous quarter)

• Enhancer and diet-themed spam increased while replica spam dropped almost 8%

Source: Commtouch

Spam Topics in Q2

Q2 Spam Trends

Top Faked (Spoofed) Spam Sending Domains*

* Domains used by spammers in the “from” field of the spam emails.

Source: Commtouch

Q2 Spam Trends

Find out more about Spam Trends in Q2 by downloading the complete July Internet Threats Trend Report

http://www.commtouch.com/threat-report-july-2012

Trends in Q2 2012…

Zombie Trends

Q2 Zombie Trends

• Average turnover: 303,000 newly activated each day sending spam (increase from 270,000 in Q1 2012)

Daily Turnover of Zombies in Q2

Source: Commtouch

Daily newly activated spam zombies: Jan to June 2012

Q2 Zombie Trends

Worldwide Zombie Distribution in Q2

• India again claimed top zombie producer title, moving above 20%
• Poland, Italy, and Indonesia dropped out of the top 15, replaced by Saudi Arabia, Romania, and more surprisingly, Germany – which has stayed well out of the top 15 for over one and a half years.

Source: Commtouch

Download the complete July 2012 Internet Threats Trend Report for more details

http://www.commtouch.com/threat-report-july-2012

Q2 Zombie Trends

For more information contact: [email protected]

650 864 2000 (Americas) +972 9 863 6895 (International)

Web: www.commtouch.com

Blog: http://blog.commtouch.com