MessageLabs Intelligence: August 2007 Storm botnet serves-up a diet of fast-flux spam
Introduction

Welcome to the August 2007 edition of the MessageLabs Intelligence monthly report. This report provides the latest threat trends and statistics to keep you informed regarding the ongoing fight against viruses, spam and other unwelcome content.

Top line results of this report include:
- Spam: 74.0% in August (an increase of 3% since July)
- Viruses: One in 80.4 emails in August contained malware (a decrease of 0.14% since July)
- Phishing: One in … emails comprised a phishing attack (a fall of 0.32% since July)

Invitation to join the Storm botnet

In recent weeks MessageLabs has observed a large increase in emails that ostensibly contain links to virtual postcards, and other ruses such as invitations to download beta software or view videos on the popular YouTube site; however, these are actually being sent from the large Storm botnet, now estimated to comprise around 1.8 million computers worldwide. This culminated in an attack on the 15th August which comprised approximately 600,000 emails in 24 hours.

Although the body text and subject lines keep changing, the emails always consist of simple text or HTML including a single link to an IP address. That IP address refers to another infected machine within the botnet, which subsequently redirects to a backend server in an attempt to infect the victim with a copy of the Storm trojan code. Each attack seems to utilize a number of different templates for each theme, with the target addresses generating relatively few delivery failures. This indicates that most of the addresses are genuine and have almost certainly been harvested from other infected computers within the botnet.

In the case of the Storm emails, the backend server automatically re-encodes the malware it is serving up every half hour to make signature-based detection difficult for traditional anti-virus vendors, using a technique known as server-side polymorphism. There is no malicious code contained within the email itself, and the links are constantly changing. Given that any one of the machines in the botnet can perform the redirection, there are around 1.8 million possible permutations.

One interesting self-protection mechanism of the botnet is that it monitors the IP addresses of computers that download the trojan code, and if it sees the same addresses downloading multiple copies too many times then it launches a distributed denial of service (DDoS) attack at those addresses.

Although it has sometimes been dubbed Storm Worm, it is not technically a worm. It is not a virus in the traditional sense either, and it doesn't use any exploit in order to achieve its goal. Fundamentally, it is a trojan with the purpose of creating a massive botnet through which the Storm writers can send spam in large volumes. Storm has also been called Zhelatin, Peacomm and Nuwar, as well as some other names.

MessageLabs 2007
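A minimal content check for the lure pattern described above (a short text or HTML message whose only link points at a bare IP address rather than a hostname). This is an added example, not MessageLabs code; the two sample messages and their addresses (RFC 5737 documentation ranges) are constructed.

```python
"""Heuristic for the Storm-style lure: exactly one link, and that link's
host is an IP literal instead of a domain name.  Added example; the
messages below are constructed, not captured Storm traffic."""
import ipaddress
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Matches http(s) URLs in either plain-text or HTML bodies.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample: one link, host is an IPv4 literal (documentation range).
STORM_LIKE = """\
From: friend@example.com
To: you@example.org
Subject: You've received a postcard from a family member!
Content-Type: text/plain; charset="us-ascii"

Hi. Your family member has sent you a postcard. Pick it up here:
http://192.0.2.10/postcard
"""

# Constructed sample: two links, both to hostnames.
BENIGN = """\
From: newsletter@example.com
To: you@example.org
Subject: Weekly update
Content-Type: text/html; charset="us-ascii"

<html><body><p>Read more at <a href="https://www.example.com/news">our site</a>
or <a href="https://www.example.com/archive">the archive</a>.</p></body></html>
"""


def extract_urls(raw_message):
    """Return every URL found in the text/plain and text/html parts."""
    msg = message_from_string(raw_message, policy=default)
    urls = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    return urls


def host_is_ip_literal(url):
    """True when the URL's host parses as an IPv4/IPv6 address."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def looks_like_storm_lure(raw_message):
    """Flag the described pattern: a single distinct link whose host is an
    IP address.  Trailing punctuation is stripped so 'http://x/.' == 'http://x/'."""
    distinct = {u.rstrip(".,)") for u in extract_urls(raw_message)}
    return len(distinct) == 1 and host_is_ip_literal(next(iter(distinct)))


if __name__ == "__main__":
    for label, sample in (("storm-like", STORM_LIKE), ("benign", BENIGN)):
        print(label, "->", looks_like_storm_lure(sample))
```

On its own this heuristic will also match legitimate mail that links to an intranet address, so it belongs in a scoring pipeline alongside sender reputation, not as a standalone block rule.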
Here is an example of a recent email sent from the Storm botnet:

[Image: sample Storm botnet email, not reproduced in this transcription]

The location of the command & control servers used to manipulate the botnet is safeguarded behind a rapidly changing dynamic DNS technique known as fast-flux, a method similar to the bullet-proof hosting schemes that spammers have often used in the past, making it difficult to locate and take down their hosting sites and their mail servers.

A typical command & control mechanism relies on the availability of key IRC servers that are used to communicate with the bots. If these servers are disrupted then control of the botnet is lost. In effect, the controllers of some of the larger botnets like Storm and Warezov are now using fast-flux techniques to avoid this. The DNS record of each of the command & control servers is redirected to a number of different IP addresses; sometimes hundreds or thousands of different addresses are used.

Each DNS record is created with a short Time-To-Live (TTL) entry, and it may be seen from the example below that the TTL is set to a very low number, representing the number of seconds each record should be cached by anyone requesting the address. This prevents the record from being cached for too long and ensures that queries to resolve the IP address of the domain will return a different address as often as possible. Fast-flux also relies on the DNS records for these hosts changing as often as possible, building redundancy into the botnet infrastructure. Hence the address (A) records returned for each request often point to compromised hosts within the botnet itself and are changed every few minutes. In some scenarios the Name Server (NS) records for the DNS servers hosting the domain are also changed frequently, making it almost impossible to disrupt the botnet using traditional practices.

The example below shows a typical fast-flux domain (the answer addresses are not reproduced in this transcription):

$ dig wildcard.malaga-53.com a
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;wildcard.malaga-53.com.        IN      A

;; ANSWER SECTION:
wildcard.malaga-53.com. 180     IN      A
wildcard.malaga-53.com. 180     IN      A
wildcard.malaga-53.com. 180     IN      A
wildcard.malaga-53.com. 180     IN      A
wildcard.malaga-53.com. 180     IN      A

(The original figure annotates the 180-second column as "Low TTL" and the five A records as "All Dynamic Hosts".)

Often the A records don't actually point directly to the destination site; rather they may lead to a bot that subsequently redirects the victim elsewhere, acting as a proxy for the traffic to the actual destination.

Here is another example of an email sent via the Storm botnet:

[Image: second sample Storm botnet email, not reproduced in this transcription]
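The two traits the dig answer above illustrates (a very short TTL and several A records that belong to unrelated networks) can be scored from a single response. This is an added example, not MessageLabs code; the domain, the documentation-range addresses (RFC 5737) and the thresholds are constructed or assumed for the example.

```python
"""Score a dig-style answer for fast-flux traits: short TTL, many A records,
spread over several /16 networks.  Added example with constructed data."""
import ipaddress
import re
from dataclasses import dataclass

# One resource-record line: name, TTL, class IN, type A or NS, rdata.
RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|NS)\s+(\S+)$")

# Constructed answer mimicking the report's figure: TTL 180, five A records
# in three different /16 networks.
FLUX_ANSWER = """\
;; ANSWER SECTION:
wildcard.example.net.   180     IN      A       192.0.2.17
wildcard.example.net.   180     IN      A       198.51.100.42
wildcard.example.net.   180     IN      A       203.0.113.9
wildcard.example.net.   180     IN      A       192.0.2.201
wildcard.example.net.   180     IN      A       198.51.100.7
"""

# Constructed answer for an ordinary static host: one record, one-day TTL.
STATIC_ANSWER = """\
;; ANSWER SECTION:
www.example.net.        86400   IN      A       192.0.2.80
"""


@dataclass
class FluxReport:
    name: str
    min_ttl: int
    a_records: int
    distinct_networks: int   # distinct /16 prefixes among the A records
    ns_records: int
    fast_flux_candidate: bool


def parse_records(dig_output):
    """Yield (name, ttl, rtype, rdata) for every A/NS line; dig's comment
    lines (starting with ';') and blank lines are skipped."""
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), m.group(4)


def analyse(dig_output, ttl_threshold=300, min_addresses=5, min_networks=3):
    """Flag a fast-flux candidate when the TTL is short AND the A records are
    numerous AND they sit in several different /16s.  The thresholds are
    assumptions for this example, not values from the report."""
    records = list(parse_records(dig_output))
    if not records:
        raise ValueError("no A/NS records found in the answer")
    name = records[0][0]
    min_ttl = min(ttl for _, ttl, _, _ in records)
    addrs = {rdata for _, _, rtype, rdata in records if rtype == "A"}
    # /16 is a coarse but useful proxy for "different provider/network".
    networks = {ipaddress.ip_network(f"{a}/16", strict=False) for a in addrs}
    ns_count = sum(1 for _, _, rtype, _ in records if rtype == "NS")
    candidate = (min_ttl <= ttl_threshold
                 and len(addrs) >= min_addresses
                 and len(networks) >= min_networks)
    return FluxReport(name, min_ttl, len(addrs), len(networks), ns_count, candidate)


if __name__ == "__main__":
    print(analyse(FLUX_ANSWER))
    print(analyse(STATIC_ANSWER))
```

A single answer is only a first signal; re-querying the name every few minutes and diffing the A record sets over time captures the constant churn the report describes, and the same parser handles NS answers for the name-server flux case.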
Global Trends & Content Analysis

MessageLabs Anti-Spam and Anti-Virus Services focus on identifying and averting unwanted communications originating from new and unknown bad sources that are addressed to valid recipients.

Skeptic Anti-Spam Protection:

In August 2007, the global ratio of spam in email traffic from new and unknown bad sources, for which the recipient addresses were deemed valid, was 74.0% (1 in … emails), an increase of 3.0% on the previous month.

Over the first half of 2007 there has been a strong trend showing an increase in the volume of spam, especially in recent months. Assuming this trend will continue, MessageLabs is expecting an increase of between 45% and 55% in spam volumes during September 2007, resulting in a rise of 2-3% in the overall spam-to-mail ratio. Historically, September is a prime month for spam spikes, with MessageLabs noting a large increase in the volume of spam traffic during September 2006, especially targeting the Education sector.

In recent weeks, the number of spam events has remained fairly static, with a few notable exceptions which consisted largely of one or two large spam runs on a scale able to affect the monthly average traffic more noticeably, mostly comprising Casino spam and Wristwatch spam.

[Chart: Spam rate 74.0%, current trend and outlook; Six Month Avg. 73.6%; Last Month 71.0%; Peak: July]

The spam rate of 74.0% is actually lower than the true spam figure, since MessageLabs Traffic Management enables control of the amount of bandwidth given to absolutely known bad sources of spam and then throttles those connections, slowing them down to a crawl. To the spammer, it appears they are talking to a very slow modem. In turn, this makes it incredibly painful for spammers attempting to send spam to MessageLabs clients, as Traffic Management effectively pushes the spam back to the spammers' networks and slows down their ability to send lots of spam. Consequently, many such connections eventually time out or move on to softer targets.

If we look at the amount of spam hitting MessageLabs honey-pots, which are unprotected by comparison, this figure would be much closer to 83.7%, an increase of 0.4% since July. The difference is largely due to the Traffic Management controls, which are able to identify and stop a greater proportion of known spam from known bad sources. For further information, please refer to the section on Traffic Management later in this report.

Skeptic Anti-Virus and Trojan Protection:

The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources destined for valid recipients was 1 in 80.4 emails (1.24%) in August, a decrease of 0.14% since last month.

[Chart: Virus rate 1 in 80.4, current trend and outlook; Peak: Apr 04, 1 in 10.4]
In August the number of emails that contained links to malicious code increased by 19%, from 0.5% in July to 19.5%. This means that the proportion of virus activity relating to emails that do not contain a malicious attachment, but do contain a link to a site hosting malicious code, has increased. This is largely due to the increase in activity around the StormWorm botnet, where the emails are crafted to appear as links to virtual postcard sites, but really contain links to the StormWorm trojan.

Phishing:

August showed a fall of 0.32% in the proportion of phishing attacks compared with the previous month. One in … emails (0.58%) comprised some form of phishing attack.

[Chart: Phishing rate, current trend and outlook; Peak: Jan 07, 1 in 93.3; Six Month Avg. 1 in 220]

When judged as a proportion of all email-borne threats such as viruses and trojans, the quantity of phishing emails has fallen by 18.5% since the previous month, now accounting for 46.3% of malicious email traffic intercepted in August.

Skeptic Web Security Services Version 2.0:

MessageLabs Web Security Services version 2.0, built on MessageLabs proprietary technology using Skeptic, enables MessageLabs to take the very latest threat and reputation information from other protocols, such as email, and apply that knowledge to web traffic.

Web Security Services (Version 2.0) Activity:

Policy-Based Filtering:
- Advertisements & Popups 45.08%
- Unclassified 14.88%
- Streaming Media 10.62%
- Personals & Dating 5.87%
- Adult/Sexually Explicit 3.47%
- Web-based Email 3.44%
- Downloads 2.75%
- Gambling 2.32%
- Photo Searches 2.15%
- Chat 1.98%

Web Viruses and Trojans:
- New Malware.n 26.45%
- Suspicious IFrame.b 12.05%
- NetSniff 6.12%
- PWS-LegMir 4.88%
- VBS/Psyme 4.79%
- New Malware.aq 4.55%
- Tool-TFTPD
- JS/Downloader-AUD 2.12%
- Trojan-Downloader.VBS.Small.co 2.05%
- WinFixer 1.96%

Potentially Unwanted Programs:
- PUP-SaveNow 54.35%
- PUP-GAIN 43.93%
- PUP-Mirar 0.55%
- PUP-HotBar 0.41%
- PUP-ZangoSA 0.33%
- PUP-WebHancer 0.13%
- PUP-CoolBar 0.05%
- PUP-ISTBar 0.05%
- PUP-HotBar.dr 0.03%
- PUP-BDSearch 0.03%

It can be seen from the chart above that Advertisements & Popups (45.08%) is the most common trigger for policy-based filtering applied by MessageLabs for its business clients. This represents a decrease of 4.26% on the previous month. Further analysis shows that 10.8% of the malware intercepted was new in August.

Further analysis of the policy-based traffic shows that for small to medium sized businesses (SMB), an average of 21.8 attempted connections per user per month were blocked for Streaming Media sites, compared with 13.5 for larger-sized organizations. Social networking sites such as MySpace and Facebook, classified within Personals & Dating, were also attracting a lot of attention this month: SMBs were blocking around 5.8 attempted visits per user per month, compared with 6.7 attempts per user per month for larger businesses. Adult-orientated content also poses a greater risk to SMBs, as around 6.2 attempted connections per user per month were blocked, compared with 1.1 for larger businesses. For example, in an organization with 100 employees, 620 attempts may be expected to be blocked in one month, compared with around 1,100 for a company with 1,000 employees.

The Unclassified category identifies new and previously uncategorized sites that potentially need to be prohibited. The Unclassified category affords more confidence when defining new rules. This means that newly detected malicious sites are handled more appropriately until categorized, thereby safeguarding against domain kiting sites which appear and disappear within a 24 to 48 hour timeframe. Such sites may be used for disreputable purposes, such as hosting phishing and spam sites, disseminating information-stealing trojans and other fraudulent activities. MessageLabs found that 78.7% of web viruses and 88.4% of spyware intercepted were classified in the Unclassified category, suggesting that the majority of these interceptions were hosted on web sites that were previously unknown and uncategorized. An average of 1,772 new malicious sites were identified and blocked each day during August, an increase of 783 per day since July.

Geographical Breakdown: Based on Targeted Countries

Monthly Analysis: By analyzing the geographical dispersal of email traffic where possible, MessageLabs compiles data that shows the impact and vulnerability rates of spam and viruses specific to geographies. The charts below reflect impact and ratios for August.

[Chart: Spam rate by geography. Top 5: Israel 70.7%, Hong Kong 64.8%, Germany 58.5%, France 58.0%, Belgium 51.4%. Lowest: Sweden 29.5%, Japan 23.1%. Full figures in Appendix I.]

The most significant rise in spam levels was experienced in Israel, with an increase of 9.9% in August, closely followed by France with 9.5% and Spain with 9.2%. The top five countries affected in July remain unchanged in August. The majority of countries received an increase in spam, with only Japan and Sweden having a slight decrease in levels, of 1.5% and 0.9% respectively.

[Chart: Virus rate by geography. Top 5: India 1 in 27.8, Switzerland 1 in 39.2, Germany 1 in 41.5, United Arab Emirates 1 in 42.1, Austria 1 in 45.5. Lowest: Sweden, Netherlands. Full figures in Appendix II.]

Although India still remains the most affected country for virus activity, the levels of attack decreased by 1.69% in August, the most significant decrease of all countries. The greatest increase across all geographies in August occurred in Spain, where activity rose by 0.09%. Further details may be found in the appendices at the end of this report.

Vertical Industry Breakdown

Monthly Analysis: By analyzing the market distribution of email traffic where possible, MessageLabs compiles data that shows the impact and vulnerability rates of spam and viruses specific to major industry sectors. The charts below reflect impacts and ratios for August.

[Chart: Spam rate by vertical. Top 5: Agriculture 66.9%, Telecoms 64.6%, Education 58.1%, Manufacturing 57.0%, Marketing/Media 53.1%. Lowest: Building/Cons 31.7%, Finance 30.5%. Full figures in Appendix III.]

[Chart: Virus rate by vertical. Top 5: Education 1 in 42.6, Chem/Pharm 1 in 46.4, Retail, Wholesale 1 in 62.1, Accom/Catering 1 in 63.7. Lowest: Telecoms, Agriculture. Full figures in Appendix IV.]

The greatest increase in spam activity across all industry sectors during August was observed in the Telecoms vertical, where spam rose by 22.3% since July and repositioned this vertical as the second most spammed sector. All other verticals in the top five received an increase in spam of between 0.1% and 4.3%. The largest decrease was noted for the Business Support Services vertical, which fell by 6.2%.

Education moves to the top of the table in August despite a fall in virus activity of 0.18%. The greatest rise in virus activity during August occurred in the Accommodation & Catering vertical, where levels increased by 0.22% since July. The greatest decrease noted was for the Chemical & Pharmaceutical sector, where levels fell by 0.54%. Further details may be found in the appendices at the end of this report.
Traffic Management (Protocol Level)

Traffic Management continues to reduce the overall message volume through techniques operating at the protocol level. Unwanted senders are identified and connections to the mail server are slowed using features embedded in the TCP protocol. Incoming volumes of known spam are significantly slowed, while legitimate email is expedited.

In August, MessageLabs processed an average of 2.32 billion SMTP connections per day, at a rate of 1.3 messages per connection, of which 86.4% were throttled back as a result of traffic management protocol controls for traffic that was unequivocally malicious or unwanted. The remainder of these connections is subsequently processed by MessageLabs Connection Management controls and Skeptic.

Connection Management

Connection Management is particularly effective in stopping directory harvest, brute force and denial of service attacks, where unwanted senders send high volumes of messages to force spam into an organization or disrupt business communications. Connection Management works at the SMTP level using techniques that verify legitimate connections to the mail server. It is comprised of the following:

SMTP Validation: Identifies unwanted email originating from known spam- and virus-sending sources, where the source can unequivocally be identified as an open proxy or a botnet, and rejects the connection accordingly. In August, an average of 49.2% of inbound messages was intercepted from botnets and other known malicious sources and rejected as a consequence.

Registered User Address Validation: Reduces the overall volume of emails for registered domains by discarding connections for which the recipients are identified as invalid or non-existent. In August, an average of 5.2% of recipient addresses was identified as invalid. These were attempted directory attacks on domains that were prevented as a result.

Summary

The table below details the current impact of traffic and connection management techniques on unwanted email volume being measured by MessageLabs Intelligence. Without these additional multiple layers of defense, spam traffic destined for MessageLabs clients in August would otherwise account for around 83.7% of global email traffic, an increase of 0.3% on the previous month.

Effects of Traffic Management Techniques

Region         Traffic Management    SMTP Validation        User Validation
               (protocol control)    (behaviour analysis)   (directory attacks)
USA            87.9%                 49.2%                  4.7%
UK             85.3%                 41.4%                  4.9%
Europe         82.7%                 40.6%                  7.2%
Asia Pacific   69.9%                 42.3%                  0.7%
Worldwide      86.4%                 49.2%                  5.2%

MessageLabs is a leading provider of integrated messaging and web security services, with over 15,000 clients ranging from small business to the Fortune 500 located in more than 80 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across email, Web and Instant Messaging. These services are delivered by MessageLabs' globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information.

For more information, please visit the MessageLabs website. For further information on MessageLabs Intelligence, please visit the MessageLabs Intelligence site and register to receive regular alerts and reports.

NB: All figures mentioned in this report were correct at the time of going to press.
Appendices

Appendix I: Spam Rate by Geography (August 2007)

Country                 August   July     Change
Australia               36.9%    33.1%    3.8%
Austria                 45.0%    42.1%    2.9%
Belgium                 51.4%    42.9%    8.5%
Canada                  50.3%    41.4%    8.9%
China                   50.4%    49.8%    0.6%
France                  58.0%    48.5%    9.5%
Germany                 58.5%    54.9%    3.6%
Hong Kong               64.8%    59.7%    5.1%
India                   32.9%    27.7%    5.2%
Ireland                 50.0%    45.0%    5.0%
Israel                  70.7%    60.8%    9.9%
Italy                   36.7%    30.8%    5.9%
Japan                   23.1%    24.6%    -1.5%
Netherlands             33.6%    32.4%    1.2%
Singapore               44.0%    37.7%    6.3%
Spain                   41.3%    32.1%    9.2%
Sweden                  29.5%    30.4%    -0.9%
Switzerland             43.1%    37.9%    5.2%
United Arab Emirates    38.2%    35.2%    3.0%
United Kingdom          41.4%    39.8%    1.6%
United States           50.5%    50.5%    0.0%

Appendix II: Virus Rate by Geography (August 2007)

Country                 August   July     Change
Australia               0.54%    0.74%    -0.20%
Austria                 2.20%    2.21%    -0.01%
Belgium                 0.51%    0.48%    0.03%
Canada                  1.41%    1.39%    0.02%
China                   1.65%    2.26%    -0.61%
France                  1.79%    1.89%    -0.10%
Germany                 2.41%    2.90%    -0.49%
Hong Kong               2.15%    2.70%    -0.55%
India                   3.60%    5.29%    -1.69%
Ireland                 1.28%    1.71%    -0.43%
Israel                  1.30%    1.30%    0.00%
Italy                   1.83%    1.87%    -0.04%
Japan                   0.90%    0.83%    0.07%
Netherlands             0.13%    0.51%    -0.38%
Singapore               2.00%    2.17%    -0.17%
Spain                   1.26%    1.17%    0.09%
Sweden                  0.26%    0.25%    0.01%
Switzerland             2.55%    3.11%    -0.56%
United Arab Emirates    2.38%    3.12%    -0.74%
United Kingdom          1.14%    1.26%    -0.12%
United States           1.18%    1.51%    -0.33%

Appendix III: Spam Rate by Vertical (August 2007)

Vertical                    August   July     Change
Accom/Catering              41.4%    38.1%    3.3%
Agriculture                 66.9%    66.8%    0.1%
Building/Cons               31.7%    31.6%    0.1%
Business Support Services   36.7%    42.9%    -6.2%
Chem/Pharm                  47.8%    42.5%    5.3%
Education                   58.1%    53.8%    4.3%
Estate Agents               34.1%    31.8%    2.3%
Finance                     30.5%    29.3%    1.2%
General Services            41.7%    34.3%    7.4%
Gov/Public Sector           39.1%    39.9%    -0.8%
Health Care                 45.7%    49.1%    -3.4%
IT Services                 49.8%    48.7%    1.1%
Manufacturing               57.0%    57.1%    -0.1%
Marketing/Media             53.1%    50.9%    2.2%
Mineral/Fuel                38.0%    38.9%    -0.9%
Non-Profit                  46.1%    44.2%    1.9%
Prof Services               43.7%    41.0%    2.7%
Recreation                  39.2%    37.9%    1.3%
Retail                      42.8%    42.2%    0.6%
Telecoms                    64.6%    42.3%    22.3%
Transport/Util              40.8%    39.0%    1.8%
Wholesale                   51.4%    46.3%    5.1%

Appendix IV: Virus Rate by Vertical (August 2007)

Vertical                    August   July     Change
Accom/Catering              1.57%    1.35%    0.22%
Agriculture                 0.27%    0.33%    -0.06%
Building/Cons               0.82%    0.82%    0.00%
Business Support Services   0.58%    0.50%    0.08%
Chem/Pharm                  2.16%    2.70%    -0.54%
Education                   2.35%    2.53%    -0.18%
Estate Agents               1.09%    0.99%    0.10%
Finance                     0.88%    0.88%    0.00%
General Services            0.77%    0.96%    -0.19%
Gov/Public Sector           0.97%    0.83%    0.14%
Health Care                 1.06%    1.25%    -0.19%
IT Services                 1.33%    1.58%    -0.25%
Manufacturing               1.29%    1.47%    -0.18%
Marketing/Media             1.19%    1.43%    -0.24%
Mineral/Fuel                1.16%    1.33%    -0.17%
Non-Profit                  1.05%    1.04%    0.01%
Prof Services               1.53%    1.70%    -0.17%
Recreation                  0.90%    1.04%    -0.14%
Retail                      1.72%    1.95%    -0.23%
Telecoms                    0.41%    0.29%    0.12%
Transport/Util              1.01%    1.20%    -0.19%
Wholesale                   1.61%    1.62%    -0.01%
More informationFighting the. Botnet Ecosystem. Renaud BIDOU. Page 1
Fighting the Botnet Ecosystem Renaud BIDOU Page 1 Bots, bots, bots Page 2 Botnet classification Internal Structure Command model Propagation mechanism 1. Monolithic Coherent, all features in one binary
More informationElementary Computing CSC 100. M. Cheng, Computer Science
Elementary Computing CSC 100 1 Internet (2) TCP/IP and IP Addresses Hostnames and Domain Name System Internet Services Client/Server and Peer- 2- Peer Applications SPAMs & Phishing, Worms, Viruses & Trojans
More informationUTM 5000 WannaCry Technote
UTM 5000 WannaCry Technote The news is full of reports of the massive ransomware infection caused by WannaCry. Although these security threats are pervasive, and ransomware has been around for a decade,
More informationProtecting from Attack in Office 365
A hacker only needs one person to click on their fraudulent link to access credit card, debit card and Social Security numbers, names, addresses, proprietary information and other sensitive data. Protecting
More information3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017
3 Ways to Prevent and Protect Your Clients from a Cyber-Attack George Anderson Product Marketing Director Business October 31 st 2017 Agenda One ounce of prevention is worth a pound of protection 01 Aiming
More informationMARKET NEWSLETTER No 69 February 2013
Standing at 543 600 t, Spanish olive oil production in the first four months of 2012/13 was 62 pc down on the previous season, according to Spain s Olive Oil Agency. Although there are still some months
More informationTraining UNIFIED SECURITY. Signature based packet analysis
Training UNIFIED SECURITY Signature based packet analysis At the core of its scanning technology, Kerio Control integrates a packet analyzer based on Snort. Snort is an open source IDS/IPS system that
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationGlobal DDoS Threat Landscape
DDOS REPORT Global DDoS Threat Landscape OVERVIEW Overview The number of network layer attacks continued to fall in, the fourth consecutive quarterly drop since peaking in Q2 2016. After reaching a record
More informationWhat is an application delivery controller?
What is an application delivery controller? ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery
More informationMESSAGING SECURITY GATEWAY. Solution overview
MESSAGING SECURITY GATEWAY Solution overview April 2017 CONTENTS Executive Summary...3 The case for email protection and privacy... 3 Privacy in email communication... 3 LinkedIn Phishing Sample...4 Messaging
More informationProlexic Attack Report Q4 2011
Prolexic Attack Report Q4 2011 Prolexic believes the nature of DDoS attacks are changing: they are becoming more concentrated and damaging. Packet-per-second volume is increasing dramatically, while attack
More informationSecure Network Design Document
Secure Network Design Document May 3, 2007 Authored by: Steven Puzio TABLE OF CONTENTS I. Overview... 3 II. Company Information... 5 III. Wiring Closet Cabling and Design... 6 IV. Network Electronics Selection...
More informationDEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER
DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER D-Zone DNS Firewall 18-10-20171 EXECUTIVE SUMMARY Cyber attacks continue to grow at an alarming rate with ransomware
More informationPanda Security 2010 Page 1
Panda Security 2010 Page 1 Executive Summary The malware economy is flourishing and affecting both consumers and businesses of all sizes. The reality is that cybercrime is growing exponentially in frequency
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationSecurity Gap Analysis: Aggregrated Results
Email Security Gap Analysis: Aggregrated Results Average rates at which enterprise email security systems miss spam, phishing and malware attachments November 2017 www.cyren.com 1 Email Security Gap Analysis:
More informationXG Firewall. What s New in v17. Setup, Control Center and Navigation. Initial Setup Wizard. Synchronized App Control Widget.
XG Firewall What s New in v17 Setup, Control Center and Navigation Initial Setup Wizard Introduced in a Maintenance Release, a new initial setup wizard enables quick and easy out-of-the-box setup. In addition
More informationJPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015]
JPCERT-IR-2015-05 Issued: 2016-01-14 JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationEMC GLOBAL DATA PROTECTION INDEX STUDY KEY RESULTS & FINDINGS FOR THE USA
EMC GLOBAL DATA PROTECTION INDEX STUDY KEY RESULTS & FINDINGS FOR THE USA 1 THE DATA PROTECTION LANDSCAPE ARE YOU ON SOLID GROUND? 2 KEY FINDINGS GLOBALLY, ENTERPRISES ARE LOSING AS MUCH AS $1.7 TRILLION
More informationBOTNET-GENERATED SPAM
BOTNET-GENERATED SPAM By Areej Al-Bataineh University of Texas at San Antonio MIT Spam Conference 2009 www.securitycartoon.com 3/27/2009 Areej Al-Bataineh - Botnet-generated Spam 2 1 Botnets: A Global
More informationEMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR ITALY
EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR ITALY 1 THE DATA PROTECTION LANDSCAPE ARE YOU ON SOLID GROUND? 2 GLOBAL KEY FINDINGS GLOBALLY, ENTERPRISES ARE LOSING AS MUCH AS $1.7 TRILLION
More informationEMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR BRAZIL
EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR BRAZIL 1 THE DATA PROTECTION LANDSCAPE ARE YOU ON SOLID GROUND? 2 GLOBAL KEY FINDINGS GLOBALLY, ENTERPRISES ARE LOSING AS MUCH AS $1.7 TRILLION
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationThe Mimecast Security Risk Assessment Quarterly Report May 2017
The Mimecast Email Security Risk Assessment Quarterly Report May 2017 The Mimecast Email Security Risk Assessment Quarterly Report May 2017 Many organizations think their current email security systems
More informationBUSINESS QUALITY DEDICATED INTERNET ACCESS. UUdirectSM
BUSINESS QUALITY DEDICATED INTERNET ACCESS UUdirectSM BUSINESS QUALITY DEDICATED INTERNET ACCESS Internet Access UUdirect The UUdirect service provides a permanently open, high bandwidth, dedicated connection
More informationLayer by Layer: Protecting from Attack in Office 365
Layer by Layer: Protecting Email from Attack in Office 365 Office 365 is the world s most popular office productivity suite, with user numbers expected to surpass 100 million in 2017. With the vast amount
More informationWick Hill Group, River Court, Albert Drive, Woking, Surrey, GU21 5RP
2009, 2014 & 2015- Winner Finalist 2010, 2011, 2013 & 2016 2007, 2008, 2009, 2010 & 2015 WINNER 2007, 2008, 2009, 2010 2011, 2013, 2014, 2015 & 2016 2010, 2011, 2012, 2013, 2014 & 2015 Wick Hill Group,
More informationEMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR HONG KONG
EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR HONG KONG 1 THE DATA PROTECTION LANDSCAPE ARE YOU ON SOLID GROUND? 2 GLOBAL KEY FINDINGS GLOBALLY, ENTERPRISES ARE LOSING AS MUCH AS $1.7 TRILLION
More informationGetting over Ransomware - Plan your Strategy for more Advanced Threats
Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago
More informationEMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR INDIA
EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR INDIA 1 THE DATA PROTECTION LANDSCAPE ARE YOU ON SOLID GROUND? 2 GLOBAL KEY FINDINGS GLOBALLY, ENTERPRISES ARE LOSING AS MUCH AS $1.7 TRILLION
More informationPhishing. Eugene Davis UAH Information Security Club April 11, 2013
Phishing Eugene Davis UAH Information Security Club April 11, 2013 Overview A social engineering attack in which the attacker impersonates a trusted entity Attacker attempts to retrieve privileged information
More informationGTIC Monthly Threat Report June 2017
GTIC Monthly Threat Report June 2017 Trickbot mac1 Phishing Campaign Name GTIC Monthly Threat Report June 2017 Owner Classification Status NTT Security GTIC TICT Aaron Perkins UNCLASSIFIED-EXTERNAL APPROVED
More informationTechnology Lifecycle Management Assessment. Know your network - achieve business agility
Technology Lifecycle Management Assessment Know your network - achieve business agility Your network is the platform on which you build the success of your organisation. In addition to connecting your
More informationSmall Office Security 2. Mail Anti-Virus
Small Office Security 2 Mail Anti-Virus Table of content Table of content... 1 Mail Anti-Virus... 2 What is Mail Anti-Virus... 2 Enabling/Disabling Mail Anti-Virus... 2 Operation algorithm of Mail Anti-Virus...
More informationMarshal s Defense-in-Depth Anti-Spam Engine
Marshal s Defense-in-Depth Anti-Spam Engine January 2008 Contents Overview 2 Features 3 Summary 6 This whitepaper explores the underlying anti-spam and anti-phishing defense technology in Marshal s world
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationDynamic Botnet Detection
Version 1.1 2006-06-13 Overview The widespread adoption of broadband Internet connections has enabled the birth of a new threat against both service providers and the subscribers they serve. Botnets vast
More informationQUARTERLY TRENDS AND ANALYSIS REPORT
September 1, 2007 Volume 2, Issue 3 QUARTERLY TRENDS AND ANALYSIS REPORT www.us-cert.gov Introduction This report summarizes and provides analysis of incident reports submitted to US-CERT during the U.S.
More informationNYMBLE INTERNET ACCESS SERVICE DISCLOSURES
NYMBLE INTERNET ACCESS SERVICE DISCLOSURES Consistent with FCC regulations, Nymble Internet Service provides this information about our Internet access services ( Nymble or Nymble services ). We welcome
More informationAdaptiveMobile Security Practice
AdaptiveMobile Security Practice Overview & Case Study AdaptiveMobile s Security Practice provide a suite of managed security services undertaking analysis of potential threats in networks and delivering
More informationPhishing: When is the Enemy
Phishing: When E-mail is the Enemy Phishing, once only a consumer worry, is creating headaches for e-mail administrators as businesses become the next target. CONTENTS Understanding the Enemy 2 Three Things
More informationEMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR JAPAN
EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR JAPAN 1 THE DATA PROTECTION LANDSCAPE ARE YOU ON SOLID GROUND? 2 GLOBAL KEY FINDINGS GLOBALLY, ENTERPRISES ARE LOSING AS MUCH AS $1.7 TRILLION
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationRSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY
RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY RSA CYOTA PROJECT PROPOSAL RSA FRAUDACTION ANTI-PHISHING SERVICE V.1 2011 Overview This brief highlights the benefits
More informationRyan KS office thesee
SERVERR and WORKSTATION REMOTE MANAGEMENT SERVICES Ryan Dental Systems Dental Computer Systems Support and Sales 303 2 nd Street, PO Box 194, Inland NE 68954 5506 SW 31stPh: 402-461-5575 Terrace Topeka
More informationOn the Surface. Security Datasheet. Security Datasheet
Email Security Datasheet Email Security Datasheet On the Surface No additional hardware or software required to achieve 99.9%+ spam and malware filtering effectiveness Initiate service by changing MX Record
More informationEMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR UAE
EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR UAE 1 THE DATA PROTECTION LANDSCAPE ARE YOU ON SOLID GROUND? 2 GLOBAL KEY FINDINGS GLOBALLY, ENTERPRISES ARE LOSING AS MUCH AS $1.7 TRILLION
More informationTrustwave SEG Cloud BEC Fraud Detection Basics
.trust Trustwave SEG Cloud BEC Fraud Detection Basics Table of Contents About This Document 1 1 Background 2 2 Configuring Trustwave SEG Cloud for BEC Fraud Detection 5 2.1 Enable the Block Business Email
More informationMcAfee Firewall Enterprise: The only Firewall with the Intelligence to Continuously, Automatically Reduce the Risk and Threat Exposure of Your Network
: The only Firewall with the Intelligence to Continuously, Automatically Reduce the Risk and Threat Exposure of Your Network Reputation filtering with TrustedSource and Geo-Location costeffectively minimizes
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of June, 2007 Summarization of June Report Findings In the June 2007 report the APWG introduces a brand-domain pairs measurement (page 4) which combines the
More informationPhishing Activity Trends Report. 3 rd Quarter Unifying the. Global Response To Cybercrime. July September 2012
3 rd Quarter 2012 Unifying the Global Response To Cybercrime July September 2012 Published February 1, 2013 , Phishing Report Scope The APWG analyzes phishing attacks reported to the APWG by its member
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationDetecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray, Sven Krasser Motivation Spam: More than Just a
More informationUnit 2 Assignment 2. Software Utilities?
1 Unit 2 Assignment 2 Software Utilities? OBJECTIVES Identify software utility types and examples of common software Why are software utilities used? Identify and describe the various networking threats.
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More information