Email Threat Trend Report Second Quarter 2007


Alt-N Technologies, Ltd.
2550 SW Grapevine Parkway, Suite 150
Grapevine, Texas 76051
Phone: (817) 601-3222
Fax: (817) 601-3223
http://www.altn.com/
2007

Contents

- Emerging Email Threats Combine Spam, Malware from Botnets
- PDF Spam Eludes Traditional Security Tools
- Botnets Expand in Size and Activity
- Spam Originates from Botnets Worldwide
- Spam Rates Remain Stable
- Medicines Top Most Popular Spam Topics
- Image Spam Rates Drop by 50%
- SecurityPlus Provides Layered Security for Email
- About Alt-N Technologies

MDaemon is a registered trademark of Alt-N Technologies, Ltd. Recurrent Pattern Detection Technology (RPD) and Zero Hour Virus Outbreak Protection are trademarks of Commtouch. The source for data reported in this document is Commtouch.

Emerging Email Threats Combine Spam, Malware from Botnets

One of the most notable events of the second quarter occurred at its very end: the emergence of PDF spam. It demonstrates several key characteristics of today's email threats, which will be discussed throughout this report: evolving spam techniques, extensive use of botnets and blended threats.

PDF Spam Eludes Traditional Security Tools

With image-based spam now waning, PDF spam is designed to bypass traditional antispam engines, and in many cases it succeeds. During one particularly heavy outbreak, PDF spam comprised 10-15% of all global spam during a 24-hour period. Because PDF spam messages are nearly four times larger than other types of spam, total spam traffic increased by 30-40%.

Using PDF files to deliver spam exploits the popularity of PDF documents as attachments to legitimate email. The widespread use of PDFs in business email prevents the adoption of general blocking policies, such as those often enacted against .exe, .vbs and .bat files.

Several distinct types of PDF spam have been observed:

- Randomized content, similar to image-based spam, where letters and backgrounds are randomly altered to limit the effective use of optical character recognition (OCR) technology to detect spam.
- Professional look-and-feel, which appears similar to legitimate email correspondence but includes sexual-enhancer, stock-promotion or other questionable content. Figure 1 shows an email and its legitimate-looking PDF spam attachment.
- Combined spam and malicious software in a single message. Figure 2 shows a message with an attachment promoting a stock, plus a link to a web site containing malware.

Figure 1: PDF file attached to a spam message appears to be legitimate until you read the content
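The section above makes two points a mail administrator has to reconcile: executable attachment types can be blocked outright, but PDFs cannot, so a PDF has to be judged together with the other signals the report lists for blended PDF spam (a link in the body, stock-promotion wording). The following is an added example, not code from the report or from MDaemon/SecurityPlus, that applies that policy with the Python standard library. The blocked extension list comes from the report; the keyword list, the scoring threshold and the example.invalid addresses are assumptions made for illustration, and the sample messages are constructed by the `build_message` helper.

```python
"""Added example: reject blocked attachment types, score PDFs in context."""
import re
from email import message_from_string
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

BLOCKED_EXTENSIONS = {".exe", ".vbs", ".bat"}          # policy named in the report
STOCK_TERMS = ("stock", "shares", "ticker", "pump")    # assumed keyword list
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
QUARANTINE_SCORE = 3                                   # assumed threshold


def build_message(subject: str, body: str, filename: str = None,
                  payload: bytes = b"", subtype: str = "octet-stream") -> str:
    """Construct a sample multipart message (constructed test input, not real mail)."""
    msg = MIMEMultipart()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.attach(MIMEText(body, "plain"))
    if filename:
        part = MIMEApplication(payload, _subtype=subtype)
        part.add_header("Content-Disposition", "attachment", filename=filename)
        msg.attach(part)
    return msg.as_string()


def attachments(msg: Message):
    """Yield (lower-cased filename, content type) for each attachment part."""
    for part in msg.walk():
        if part.get_content_disposition() == "attachment" or part.get_filename():
            yield (part.get_filename() or "").lower(), part.get_content_type()


def body_text(msg: Message) -> str:
    """Concatenate the decoded text/plain bodies, skipping attached text files."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def assess(raw_message: str) -> dict:
    """Return {'action': 'deliver' | 'quarantine' | 'reject', 'reasons': [...]}."""
    msg = message_from_string(raw_message)
    reasons, score, has_pdf = [], 0, False
    for name, ctype in attachments(msg):
        ext = ("." + name.rsplit(".", 1)[-1]) if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:          # blanket block, as for .exe/.vbs/.bat
            return {"action": "reject", "reasons": [f"blocked attachment type {ext}"]}
        if ctype == "application/pdf" or ext == ".pdf":
            has_pdf = True
    if not has_pdf:                            # PDFs are the only type scored here
        return {"action": "deliver", "reasons": reasons}
    score += 1
    reasons.append("pdf attachment")
    text = body_text(msg)
    if URL_RE.search(text):                    # PDF plus a link in the same message
        score += 2
        reasons.append("pdf combined with link in body")
    haystack = (msg.get("Subject", "") + " " + text).lower()
    if any(term in haystack for term in STOCK_TERMS):
        score += 2
        reasons.append("pdf combined with stock-promotion wording")
    action = "quarantine" if score >= QUARANTINE_SCORE else "deliver"
    return {"action": action, "reasons": reasons}


if __name__ == "__main__":
    blended = build_message("This stock is about to explode",
                            "Full analysis at http://example.invalid/report",
                            "report.pdf", b"%PDF-1.4", "pdf")
    print(assess(blended))   # the blended case: pdf + link + stock wording
```

A lone PDF with an ordinary subject and no link scores below the threshold and is delivered, which is the property the report's argument requires: the check adds cost only to the combination that characterises the blended messages, not to PDFs as such.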

Figure 2: PDF spam with promotional PDF and malware URL

Botnets Expand in Size and Activity

At the midpoint of 2007, massive botnets have become the focus for the convergence of nearly every type of Internet email threat. Because the so-called botmasters spent last year building up their infrastructures, botnets have emerged as powerful and pervasive tools. Botmasters have begun using their networks of zombie PCs to launch blended-threat emails containing both spam and malicious software. Research from Commtouch Reputation Services shows nearly 60% of spam-sending bots also send malware, while more than 65% of all spam sources also send malicious emails. (See Graph 1.)

Graph 1: Spam / Malware Source Correlation Snapshot
- 34% Identified bots sending spam & malware
- 58% Other sources sending spam & malware
- 8% Sources sending malware only
Source: Commtouch Reputation Services

The growing botnets are now considered Internet enemy number one, and the Internet security community is searching for effective means to combat them. This has proven difficult because of the dynamic nature of zombie IP addresses. For example, Realtime Black Lists (RBLs) attempt to list offensive IPs so that security software can detect SMTP sessions originating from these blacklisted addresses. RBLs are minimally effective against botnets because static lists do not reflect the dynamically changing addresses of zombie PCs. This is evidenced by research tools that dynamically detected an average of 343,000 new zombies per day during Q2 2007, as shown in Graph 2.

Graph 2: New Zombie Trends. Newly active zombies (new zombie IPs detected per day, scale 0 to 800,000), April - June 2007.
Source: Commtouch Reputation Services

The email-borne malware sent by botnets carries out a variety of malicious activity, such as stealing passwords and personal information, harvesting email addresses and launching distributed denial of service (DDoS) attacks. While traditional defense technologies are falling behind the rapidly advancing malicious tactics, a new blended-security approach is emerging.
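To make the RBL argument above concrete, here is an added example (not from the report, and not how SecurityPlus or Commtouch's RPD work) showing what an RBL query actually is and why a static list alone lags behind addresses that appear and disappear daily. A DNS-based blacklist is queried by reversing the IP's octets under the list's zone and treating a 127.0.0.x answer as "listed"; the code pairs that static lookup with an in-memory sliding-window count of recent spam-trap hits, so that a zombie that first appeared today is flagged on its own behaviour before any list catches up. The zone `bl.example`, the addresses, the one-hour window and the five-hit threshold are assumptions; the resolver is injectable so the example runs offline against the constructed `fake_resolver`.

```python
"""Added example: DNSBL lookup plus a dynamic recent-behaviour layer."""
import ipaddress
import socket
from collections import defaultdict, deque


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets (or IPv6 nibbles) and append the DNSBL zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".")


def dnsbl_listed(ip: str, zone: str, resolve=socket.gethostbyname) -> bool:
    """True when the list answers with a 127.0.0.x record; NXDOMAIN means not listed."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:                    # socket.gaierror is an OSError subclass
        return False
    return answer.startswith("127.")


class RecentSenderTracker:
    """Sliding-window count of spam-trap hits per source IP (assumed design)."""

    def __init__(self, window_seconds: int = 3600, threshold: int = 5):
        self.window = window_seconds
        self.threshold = threshold
        self.hits = defaultdict(deque)

    def _trim(self, ip: str, now: float) -> deque:
        q = self.hits[ip]
        while q and now - q[0] > self.window:   # drop hits older than the window
            q.popleft()
        return q

    def record_hit(self, ip: str, ts: float) -> None:
        self._trim(ip, ts).append(ts)

    def count(self, ip: str, now: float) -> int:
        return len(self._trim(ip, now))

    def is_suspect(self, ip: str, now: float) -> bool:
        return self.count(ip, now) >= self.threshold


def classify(ip, zone, tracker, now, resolve=socket.gethostbyname) -> str:
    """'listed' from the static list, 'suspect' from recent behaviour, else 'unknown'."""
    if dnsbl_listed(ip, zone, resolve):
        return "listed"
    if tracker.is_suspect(ip, now):
        return "suspect"
    return "unknown"


def fake_resolver(listed_ips, zone):
    """Offline stand-in for DNS: 127.0.0.2 for listed IPs, NXDOMAIN otherwise."""
    names = {dnsbl_query_name(ip, zone) for ip in listed_ips}

    def resolve(name: str) -> str:
        if name in names:
            return "127.0.0.2"
        raise OSError("NXDOMAIN")
    return resolve


def demo() -> dict:
    """Constructed scenario: one long-listed IP and one zombie that appeared today."""
    zone = "bl.example"
    resolve = fake_resolver({"192.0.2.1"}, zone)       # the only IP the static list knows
    tracker = RecentSenderTracker(window_seconds=3600, threshold=5)
    new_zombie = "198.51.100.7"                        # not on the list yet
    before = classify(new_zombie, zone, tracker, 1000, resolve)
    for ts in range(1000, 1050, 10):                   # five trap hits within a minute
        tracker.record_hit(new_zombie, ts)
    after = classify(new_zombie, zone, tracker, 1050, resolve)
    expired = classify(new_zombie, zone, tracker, 1040 + 3601, resolve)
    return {"listed": classify("192.0.2.1", zone, tracker, 1000, resolve),
            "zombie_before": before, "zombie_after": after, "zombie_expired": expired}


if __name__ == "__main__":
    print(demo())
```

The static lookup never changes its answer for the new zombie, which is the limitation the report describes; the behavioural layer flags it within a minute of its first trap hits and forgets it once the window passes, so the classification tracks the address while it is active rather than after a list has been updated.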

Spam Originates from Botnets Worldwide

Botnets send from every part of the world. In a 24-hour sample from a recent PDF spam outbreak, messages were sent from no less than 185 countries. The number of messages sent from each IP address ranged from a single message to several thousand. Graph 3 shows the global distribution of active zombie IPs for a randomly sampled 24-hour period during the quarter.

Graph 3: Global Distribution of Zombie IPs
- 31% Other
- 14% Germany
- 11% US
- 10% Poland
- 5% India
- 4% Turkey
- 4% Israel
- 4% Brazil
- 4% China
- 3% Thailand
- 3% Italy
- 3% France
- 3% Korea
Source: Commtouch Detection Center

While botnets are found in every country with Internet access, the amount of spam actually sent from any particular country is closely related to the size of its PC-using population and the availability of broadband Internet access. Of course, the botnet rate of growth is also influenced by the level of computer security. The use of SecurityPlus for MDaemon can minimize the chance of computers in a business being infected and taken over as part of a botnet.

Spam Rates Remain Stable

Global spam levels remained at 85-90% during Q2 of 2007. Spam levels dipped slightly in April and May, then returned to Q1 levels by the end of the second quarter. (See Graph 4.) Although the average level over time is stable, considerable fluctuation is seen from day to day. These fluctuations often result from the rapid-burst distribution method used to evade human-based filters, which are subject to delays in classifying new spam outbreaks. By the time honeypots or human reporting systems, such as those based on signature files, recognize a new spam message or blended threat, the outbreak is likely to be over. SecurityPlus for MDaemon uses Recurrent Pattern Detection Technology (RPD) and Zero Hour Virus Outbreak Protection to detect new threats as they occur. This proactive layer of security minimizes the potential exposure to emerging threats that occurs when a business relies only on a signature-based security application.

Graph 4: Global Spam Levels Q2 2007 (spam as a percentage of all global email, April - June, scale 0% to 100%)
Source: Commtouch Detection Center

Medicines Top Most Popular Spam Topics

Pharmaceutical spam increased during the second quarter, with 45% of all spam touting Viagra, Cialis and other medications, up from 12% the previous quarter. Table 1 shows the most popular spam topics by percentage.

Table 1: Topics of Email Spam

    Pharmaceuticals        45%
    Stock Pump and Dump    18%
    Sexual Enhancers       10%
    Finance                 8%
    Replicas                7%
    Gambling                6%
    Software                3%
    Other                   3%

Source: Commtouch Reputation Services

Image Spam Rates Drop by 50%

Image spam, the technique of sending spam messages as attached GIF or BMP images, now accounts for less than 15% of global spam, a drop from 30% in the first quarter. Detection advancements have likely caused the use of this method to recede. The antispam industry has had ample time to improve its ability to defend against this tactic, so spammers have moved on to newer, more effective methods, PDF spam for example.

SecurityPlus Provides Layered Security for Email

Huge botnets are being used to flood the Internet with spam and distribute email-borne malware. Research shows more than 60% of sources sending spam also launch malware attacks. The current situation requires an affordable, proactive and layered approach to email defense in order to protect against spam, email-borne malware and email connections from malicious IP addresses.

SecurityPlus for MDaemon provides a proactive layer of security to protect email users against viruses, spam, phishing attacks, spyware and other types of email-borne threats. It complements and extends the built-in security features of MDaemon. By combining powerful and proactive security safeguards such as Recurrent Pattern Detection Technology (RPD), Zero Hour Virus Outbreak Protection and email antivirus protection, SecurityPlus detects and blocks virtually all known email-borne dangers and prevents infestation by newly released threats. Relying on reactive, signature-based security alone can make your email network more susceptible to these new forms of attack.

As a proven security solution for email, SecurityPlus relieves pressure on network resources, including bandwidth, computer resources and time, by refusing entry to malicious email. It provides extremely high detection rates and protects email without blocking the delivery of legitimate messages. This enables the MDaemon email server to deliver improved communications among employees, partners, vendors and customers by stopping trouble before it starts.

About Alt-N Technologies

Alt-N Technologies delivers innovative, affordable, easy-to-use and secure messaging and collaboration solutions used by businesses in over 90 countries and 20 languages worldwide. Headquartered in Grapevine, Texas, Alt-N's flagship solution, the MDaemon email server, is a Windows-based, feature-rich platform that installs in minutes, includes a strong arsenal of security tools and requires minimal administration and maintenance. For more information, visit the Alt-N web site at www.altn.com.