Commtouch July 2012 Internet Threats Trend Report
Internet Threats Trend Report
July 2012
July 2012 Threat Report
The following is a condensed version of the July 2012 Commtouch Internet Threats Trend Report.
You can download the complete report at http://www.commtouch.com/threat-report-july-2012
Copyright© 2012 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
Key Security Highlights
Trends in Q2 2012…
Malware Trends
Q2 Malware Trends
Blended attacks mix brands and malware
The attacks all included similar characteristics:
• Well-crafted emails matching those of known companies which were sent out in large volumes.
• The emails included links to multiple compromised websites which then redirected to the malware hosting websites.
• The compromised websites were often based on the WordPress content management system.
• The malware itself was mostly hosted on various .ru domains.
• The malware pages showed simple messages such as “Please Wait – Loading” (black text on white).
• The same Flash and Adobe Reader exploits were used in most of the malware
Movie ticket hoax hides malware on Dropbox
• Email offers free movie tickets
• Clicking on the links leads to several redirects and scripts
• Download of file “entrada_cine.zip” from the following link:
  • https://dl.dropbox.com/u/689--025/bts/entrada_cine.zip
Email-attached malware
• Increase over Q1 levels
• Sample attacks:
  • DHL tracking
  • “why did you put this photo online”
Source: Commtouch
| Rank | Malware name |
|------|--------------|
| 1 | W32/RLPacked.A.gen!Eldorado |
| 2 | W32/InstallCore.A2.gen!Eldorado |
| 3 | W32/Sality.C.gen!Eldorado |
| 4 | W32/HotBar.L.gen!Eldorado |
| 5 | W32/Heuristic-210!Eldorado |
| 6 | W32/Sality.gen2 |
| 7 | W32/RAHack.A.gen!Eldorado |
| 8 | W32/OnlineGames.FL.gen!Eldorado |
| 9 | W32/Vobfus.AD.gen!Eldorado |
| 10 | JS/Pdfka.EV.gen |
Top 10 Malware of Q2 2012
For a complete analysis of Malware in Q2 and the specific attacks employed, download the complete July 2012 Internet Threats Trend Report:
http://www.commtouch.com/threat-report-july-2012
Trends in Q2 2012…
Web Security
Malware and spam campaigns used compromised sites extensively
Q2 Compromised Websites
• Sample LinkedIn email leads to simple notice while malware is downloaded
• Legitimate site continues to function normally
Source: Commtouch
Website categories infected with malware
• Pornographic sites disappeared from the top 10 as many legitimate sites from different categories found themselves hacked and hosting malware
Source: Commtouch
| Rank | Category |
|------|----------|
| 1 | Education |
| 2 | Travel |
| 3 | Business |
| 4 | Entertainment |
| 5 | Restaurants and dining |
| 6 | Sports |
| 7 | Leisure & Recreation |
| 8 | Health & Medicine |
| 9 | Fashion and beauty |
| 10 | Streaming media and downloads |
Phishing campaigns also using compromised sites
• Sample – Yahoo phishing uses compromised photography site from Romania
• Legitimate site continues to function normally
Source: Commtouch
• During the second quarter of 2012, Commtouch analyzed which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner).
• Portals (offering free website hosting) remained at the highest position.
| Rank | Category |
|------|----------|
| 1 | Portals |
| 2 | Fashion & Beauty |
| 3 | Sports |
| 4 | Shopping |
| 5 | Education |
| 6 | Business |
| 7 | Arts |
| 8 | Streaming media and downloads |
| 9 | Computers and technology |
| 10 | Travel |
Source: Commtouch
Website categories infected with phishing
Q2 Web Security
Download the complete July 2012 Internet Threats Trend Report for more details:
http://www.commtouch.com/threat-report-july-2012
Trends in Q2 2012…
Spam Trends
Q2 Spam Trends
Source: Commtouch
Spammers invent “Facebook Social”
Links lead via compromised sites to pharmacy sites
Source: Commtouch
Phony MySpace, Facebook emails
Links lead to the “wikipharmacy”
• Marginal decrease compared to previous quarter
• Average daily spam levels dropped to 91 billion spam and phishing emails/day
Source: Commtouch
Spam levels – Jan to June 2012
Spam Levels
• Spam averaged 76% of all emails in Q2
Source: Commtouch
Spam % of all emails – Jan to June 2012
Spam %
Subjects include:
• Pharmaceuticals (pills, pfizer)
• Replicas (Breitling, replica)
• Enhancers
Source: Commtouch
Spam cloud for Q2 2012
• Pharmacy spam continued to increase, as it did last quarter, to nearly 41% of all spam (~3% more than the previous quarter)
• Enhancer and diet-themed spam increased while replica spam dropped almost 8%
Source: Commtouch
Spam Topics in Q2
Top Faked (Spoofed) Spam Sending Domains*
* Domains used by spammers in the “from” field of the spam emails.
Source: Commtouch
Find out more about Spam Trends in Q2 by downloading the complete July Internet Threats Trend Report:
http://www.commtouch.com/threat-report-july-2012
Trends in Q2 2012…
Zombie Trends
Q2 Zombie Trends
• Average turnover: 303,000 newly activated each day sending spam (increase from 270,000 in Q1 2012)
Daily Turnover of Zombies in Q2
Source: Commtouch
Daily newly activated spam zombies: Jan to June 2012
Worldwide Zombie Distribution in Q2
• India again claimed top zombie producer title, moving above 20%
• Poland, Italy, and Indonesia dropped out of the top 15, replaced by Saudi Arabia, Romania, and more surprisingly, Germany – which has stayed well out of the top 15 for over one and a half years.
Source: Commtouch
Download the complete July 2012 Internet Threats Trend Report for more details:
http://www.commtouch.com/threat-report-july-2012
For more information contact: [email protected]
650 864 2000 (Americas)
+972 9 863 6895 (International)
Web: www.commtouch.com
Blog: http://blog.commtouch.com