2nd Wave of C-Level Targeted Attacks with Increased Sophistication
September 27, 2007; 05:41 AM
New York and London – MessageLabs, the
leading provider of integrated messaging and web security services to
businesses worldwide, today announced the results of its MessageLabs
Intelligence Report for September and 3rd quarter of 2007. The new data
reveals that virus and phishing levels have significantly increased,
reaching levels not seen since early 2006. In addition, MessageLabs
exposes a second wave of highly targeted C-level and senior management
email attacks with increased sophistication and outreach.
With a virus threat now incorporated within every 48 emails,
cyber-criminals are steering away from using the more obvious
attachment method of distribution and favoring the use of links to
malicious websites hosting malware code. This technique, which
increased in popularity by approximately 15 percent this quarter,
enables social engineering-based attacks such as e-postcards to be
Mirroring the recent resurgence in virus attacks, the volume of
phishing threats has also reached exponential levels this month with
every 87 emails comprising of a phishing attack. Through the increased
availability of phishing kits and the uptake of aggressive phishing
techniques such as ‘rock’ phishing, the quantity and severity of these
attacks are able to increase dramatically. ‘Rock’ phishing utilized a
phishing kit which enables a single compromised computer within a
botnet to host multiple phishing sites at the same time.
“The start of the new school year seemed to bring back an increase in
old-school threats and in high volumes. With email more ubiquitous than
the telephone and one in 48 emails containing a virus, most people are
unwittingly receiving more than one virus a day,” said Mark Sunner,
Chief Security Analyst, MessageLabs. “As we enter the last quarter of
2007 and draw closer to the holiday season, the bad guys will be
provided opportunity to disguise their attacks through the increase in
genuine well-wishing emails and the anticipated upsurge in online
shopping traffic. In addition, with the incessant rise of comprised
machines through aggressive botnet activity, further spam level
increases are anticipated.”
September is not just the month of mass-outreach attacks, the highly
targeted approach is still rife. On September 12, more than 1,100
C-level and senior management executives became the target of another
attack, thought to be from the same perpetrators of the June 26 C-level
assault. With increased sophistication, the emails, which purport to be
from a recruitment company, use a Microsoft error message to persuade
the victims to click on the RFT attachment. Once opened, the RFT file
contains an executable which drops two files onto the computer which in
turn will be used to pass sensitive information back to the attacker.
Other report highlights:
Web Security: Analysis shows that 73.8 percent of the malware
intercepted in September was new. Analysis of policy-based traffic
highlighted that corporate tolerance of social networking sites is
diminishing with Facebook being the most blocked site within the
Personal’s and Dating category for SMBs and Friends Reunited top of the
same category for the Enterprise.
Spam: In September, the global ratio of spam in email traffic
from new and unknown bad sources, for which the recipient addresses
were deemed valid, was 73.5 percent, a decrease of 0.5 percent on the
previous month. When reviewing the overall spam rates on a quarterly
basis, a drop of 0.9 percent was observed since Q2 2007.
Viruses: This month, the global ratio of viruses in email
traffic from new and previously unknown bad sources destined for valid
recipients was 1 in 48.8 emails (2.05 percent), an increase of 0.8
percent since last month. Virus and trojan levels have declined
steadily since 2006, with the Q3 2007 rates of 1 in 67.2 emails being
the highest quarterly level since Q2 2006.
Phishing: With an increase of 0.6 percent, one in 87.2 emails
comprises of some form of phishing attack in September, the highest
level to date. When judged as a proportion of all email-borne threats
such as viruses and trojans, the number of phishing emails has risen by
9.7 percent to 56.0 percent of the malware threats intercepted in
September. Over the last quarter, phishing rates have increased from 1
in 232.0 to 1 in 124.3.
- Israel continued to have the highest spam rate
this month with 73.8 percent. Hong Kong was the second most highly
spammed country registering a 6.6 percent increase in spam since
- Japan had the lowest spam rate with 27.1
percent. Germany also saw a sharp decrease of 10.2 percent in spam
rates in the last month, marking a quarterly decline of 6.63 percent.
- India still remains the region most
affected by viruses with 1 in 53 emails containing a virus. The largest
rise in virus activity was observed in the Netherlands where levels
rose by 0.2 percent, from 1 in 750.1 emails in August to 1 in 303.3
emails in September.
The September 2007 & Q3 MessageLabs Intelligence Report provides
greater detail on all of the trends and figures noted above, as well as
more detailed geographical and vertical trends. The full report is
available at www.messagelabs.com/intelligence.aspx.
- The Agriculture sector is still ranked the
most spammed sector with 67.8 percent, marking a slight increase of 0.9
percent from the previous month. Over the previous quarter this marks a
continued increase of 7.36 percent.
- Despite an increase of 3.3 percent,
Finance remains the least spammed sector; this is reflected in a large
quarterly decrease of 11.13 percent.
- Since rising to the top of the virus
chart in August, the education sector continues to retain its position,
with an increase of 0.25 percent in September.
- In contrast to being the most spammed,
Agriculture is the sector least affected by viruses with a further drop
of 0.2 percent in September contributing to a quarterly drop of 0.28
MessageLabs Intelligence is a respected source of data and analysis for
messaging security issues, trends and statistics. MessageLabs provides
a range of information on global security threats based on live data
feeds from our control towers around the world scanning billions of
messages each week.
MessageLabs is a leading provider of integrated messaging and web
security services, with over 15,000 clients ranging from small business
to the Fortune 500 located in more than 80 countries. MessageLabs
provides a range of managed security services to protect, control,
encrypt and archive communications across Email, Web and Instant
These services are delivered by MessageLabs globally distributed
infrastructure and supported 24/7 by security experts. This provides a
convenient and cost-effective solution for managing and reducing risk
and providing certainty in the exchange of business information. For
more information, please visit www.messagelabs.com.