Security threats: Combined attacks thwart most proactive detection

M86 Security has released its latest Security Labs Report which details the emergence of combined attacks that leverage Adobe’s ActionScript and JavaScript languages to thwart most of the new, proactive detection mechanisms.

  • World malware map Where most of the malicious code is being hosted. Source: M86 Security Labs Report, January - June 2010
  • Spam volume index Spam remains at high levels, representing 88 per cent of all inbound email to organisations (1H2010). Source: M86 Security Labs Report, January - June 2010
  • Where the spam comes from The bulk of spam is emitted from botnets. M86 Security Labs monitors the spam output from major spam botnets by observing infected machines in a closed environment, and comparing the behaviors with incoming spam feeds to gauge the activity levels of each botnet. Source: M86 Security Labs Report, January - June 2010
  • Spambot malware Most of the spam botnets are template-driven, and the spam-sending component periodically contacts a control server for new spam templates. This is a sample email template for a bot which shows how the bot inserts dates, names, subject lines, spam domains and other data when spam is sent. Source: M86 Security Labs Report, January - June 2010
  • Spam categories Spam promoting cheap online drugs and pharmacies completely dominated the scene, with an 80 per cent share of the 'market' in the last six months. Replica product spam pushing designer rip-off watches and bags came in second at nearly 12 per cent, and there was a steep drop off to all the other minor categories. Source: M86 Security Labs Report, January - June 2010
  • Spam affiliate programs June 2010 Botnet operators make money out of products promoted via spam by signing up to affiliate programs, which pay commissions on every successful sale. The affiliate programs can provide many resources for affiliate members. Depending on the program, these can include preregistered domains, Web landing pages, undetectable executables and daily stats on how many users are visiting their sites. Some affiliate programs have several different 'brands' from which members can choose to promote. M86 Security Labs samples spam messages and follows the links to determine the dominant affiliate programs. The "Canadian Pharmacy" brand was behind some 67 per cent of spam in June. The result is in line with previous observations, illustrating the outfit is 'long lasting and operating unhindered', according to M86 Security.
  • Spam domain lifetimes Spammers register new domains regularly in an attempt to keep ahead of Web and email filters. M86 Security Labs took a 60-day sample of spam between January 15th and March 15th 2010, extracted the domains from URLs and recorded the time each domain was actively being advertised by the spammers. The results suggest spam blocking based on specific domains must be real-time to be effective.
  • Malicious spam Email remains a key vector for the distribution and advertising of malware. Mass-mailers like Netsky still exist, but their numbers have dwindled. Today, the biggest concerns arise from malicious attachments and blended threats. Source: M86 Security Labs Report, January - June 2010
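The domain-lifetime measurement described under "Spam domain lifetimes" (extract the domains from spam URLs, record how long each one keeps being advertised) is easy to reproduce on a defender's own mail logs. The script below is an added illustration, not code from M86 Security or from the report; the sample records are constructed, and the host normalisation rules and the lifetime buckets are my own assumptions, since the report states the method only at the level of "extracted the domains from URLs and recorded the time each domain was actively being advertised".

```python
from __future__ import annotations

from datetime import datetime
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample: (observation timestamp, URL seen in a spam message).
# Synthetic values for illustration only, not data from the M86 report.
SAMPLE_SPAM_URLS: List[Tuple[str, str]] = [
    ("2010-01-15T08:02:11", "http://example-pharma1.test/index.php?x=1"),
    ("2010-01-15T19:40:03", "http://www.example-pharma1.test/"),
    ("2010-01-17T03:11:54", "http://EXAMPLE-PHARMA1.test:8080/buy"),
    ("2010-01-16T10:00:00", "http://example-watch.test/"),
    ("2010-01-16T22:15:30", "http://example-watch.test/replica"),
    ("2010-02-20T07:45:00", "http://example-pharma2.test/"),
    ("2010-02-27T12:00:00", "http://example-pharma2.test/?ref=a"),
    ("2010-03-14T18:30:00", "http://example-pharma2.test/landing"),
    ("2010-03-15T00:00:00", "not a url at all"),  # malformed line: must be skipped
]

Lifetime = Tuple[datetime, datetime, int]  # (first_seen, last_seen, active_days)


def extract_domain(url: str) -> Optional[str]:
    """Normalise the host part of a URL (assumed rules: lowercase, drop port,
    drop a leading 'www.'). Returns None when there is no usable host."""
    try:
        host = urlsplit(url).hostname  # already lowercased by urllib
    except ValueError:
        return None
    if not host:
        return None
    if host.startswith("www."):
        host = host[4:]
    return host


def domain_lifetimes(records: List[Tuple[str, str]]) -> Dict[str, Lifetime]:
    """Map each advertised domain to its first/last observation and the number
    of calendar days between them, inclusive (a domain seen once counts as 1)."""
    seen: Dict[str, List[datetime]] = {}
    for ts, url in records:
        domain = extract_domain(url)
        if domain is None:
            continue
        seen.setdefault(domain, []).append(datetime.fromisoformat(ts))
    result: Dict[str, Lifetime] = {}
    for domain, times in seen.items():
        first, last = min(times), max(times)
        active_days = (last.date() - first.date()).days + 1
        result[domain] = (first, last, active_days)
    return result


def lifetime_histogram(lifetimes: Dict[str, Lifetime],
                       bounds: Tuple[int, ...] = (1, 3, 7, 30)) -> Dict[str, int]:
    """Count domains by how many days they stayed in circulation. The bucket
    edges are an assumption chosen for illustration; the last bucket is open."""
    labels = [f"<={b}d" for b in bounds] + [f">{bounds[-1]}d"]
    counts = {label: 0 for label in labels}
    for _, _, days in lifetimes.values():
        for bound, label in zip(bounds, labels):
            if days <= bound:
                counts[label] += 1
                break
        else:
            counts[labels[-1]] += 1
    return counts


def short_lived_share(lifetimes: Dict[str, Lifetime], max_days: int = 3) -> float:
    """Fraction of domains active for at most max_days. A high share means a
    blocklist refreshed daily or weekly misses most domains while they are live."""
    if not lifetimes:
        return 0.0
    short = sum(1 for _, _, days in lifetimes.values() if days <= max_days)
    return short / len(lifetimes)


if __name__ == "__main__":
    lifetimes = domain_lifetimes(SAMPLE_SPAM_URLS)
    for domain, (first, last, days) in sorted(lifetimes.items()):
        print(f"{domain:24s} {first:%Y-%m-%d} .. {last:%Y-%m-%d}  {days:3d} day(s)")
    print(lifetime_histogram(lifetimes))
    print(f"share active <= 3 days: {short_lived_share(lifetimes):.0%}")
```

On real data the records would come from a mail gateway's URL log rather than the inline list; the useful output is the histogram, because the share of domains that disappear within a day or two is what decides whether a static domain blocklist can keep up.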