Symantec Announces October 2011 Symantec Intelligence Report

MOUNTAIN VIEW, Calif. - Symantec Corp. (Nasdaq: SYMC) today announced the results of the October 2011 Symantec Intelligence Report. This month’s analysis reveals that for the first time, spammers have established a genuine URL shortening service that is publically available and will generate real shortened links. These have so far only been found in spam emails.

Click to Tweet: October Intelligence reports shows spammers using open source URL shortening scripts to operate malicious sites http://bit.ly/o27jGg

During 2010, 92% of spam emails contained URLs and the use of shortened links makes it harder for traditional anti-spam countermeasures to block the messages based on fingerprinting the URL. Legitimate services are much quicker to respond to abuse, and spammers are preying on the knowledge that many people are familiar with shortened links through their use in social media, and have developed a false sense of security about them.

Symantec Intelligence reported earlier this year that spammers had set up their own URL shortening services to better conceal their spam sites and make them harder to block. This month’s analysis indicates that a spam gang with at least 80 URL shortening sites have been operating, all using a similar naming pattern, and used the .info top-level domain. However, unlike the URL shortening sites uncovered earlier this year, these sites are effectively public URL shortening sites. Anyone can create a shortened URL on these sites; the form to do so is also publically available.

“Spammers are using a free, open source URL shortening scripts to operate these sites. After creating many shortened URLs with their own service, the spammers then send spam including these URLs. These particular spammers use subjects designed to attract attention, like “It’s a long time since I saw you last!”, “It’s a good thing you came” and so on. This is a common social engineering tactic, and is designed to arouse curiosity, particularly if they have a false sense of security around the safety of shortened links” said Paul Wood, Senior Intelligence Analyst, Symantec.cloud.

“It is possible that spammers are setting up their own URL shortening sites since legitimate URL shortening sites, which have long suffered with abuse, have slightly improved their detection of spam and other malicious URLs. It’s not fully clear why the sites are public. Perhaps this is simply due to laziness on the spammers’ part, or perhaps an attempt to make the site seem more legitimate,” Wood said.

During October, Symantec Intelligence also discovered a premium rate SMS dialer targeting users in Eastern Europe. The dialer app attempts to pass itself off as a legitimate application by imitating the brand of a popular VoIP/messaging application.

“Premium SMS dialers have started appearing on the mobile threat landscape more often, especially in Eastern Europe. It is no surprise that the authors responsible for using this lucrative revenue source appear to be evolving their tactics and moving to newer platforms,” Wood said.

Other report highlights:

Spam: In October 2011, the global ratio of spam in email traffic declined slightly to 74.2 percent (1 in 1.35 emails), a decrease of 0.6 percentage points when compared with September 2011.

Phishing: In October, phishing email activity diminished by 0.07 percentage points since September 2011; one in 343.1 emails (0.29 percent) comprised some form of phishing attack.

E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 235.8 emails (0.42 percent) in October, a decrease of 0.11 percentage points since September 2011.

Web-based Malware Threats: In October, Symantec Intelligence identified an average of 3,325 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; a decrease of 4.3 percent since September 2011.

Endpoint Threats: The most frequently blocked malware for the last month was W32.Sality.AE1, a virus that spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Geographical Trends:

Spam
• Saudi Arabia remained the most spammed geography; with a spam rate of 80.5 percent.
• Russia remained the second most-spammed at 79.9 percent.
• In the US, 73.8 percent of email was spam and 73.2 percent in Canada.
• The spam level in the UK was 74.8 percent.
• In The Netherlands, spam accounted for 75.6 percent of email traffic, 74.8 percent in Germany, 75.7 percent in Denmark and 72.8 percent in Australia.
• In Hong Kong, 73.4 percent of email was blocked as spam and 72.2 percent in Singapore, compared with 70.8 percent in Japan.
• Spam accounted for 74.8 percent of email traffic in South Africa and 77.7 percent in Brazil.

Phishing
• The UK became the country most targeted geography for phishing in October, with one in 178.3 emails identified as phishing.
• South Africa was the second most targeted country, with one in 203.8 emails identified as phishing attacks.
• Phishing levels for the US were one in 646.0 and one in 272.8 for Canada.
• In Germany phishing levels were one in 897.4, one in 631.8 in Denmark and one in 518.3 in The Netherlands.
• In Australia, phishing activity accounted for one in 267.0 emails and one in 359.5 in Hong Kong; for Japan it was one in 3385 and one in 500.1 for Singapore.
• In Brazil one in 547.3 emails was blocked as phishing.

E-mail-borne threats
• The UK climbed to the top of the table with the highest ratio of malicious emails in October, with one in 146.4 emails identified as malicious.
• Hong Kong was the geography with the second highest rate, with one in 180.3 emails identified as malicious in October.
• The previous month’s top spot belonged to South Africa, which dropped to eleventh position in October, with one in 326.0 emails blocked as malicious.
• Virus levels for email-borne malware in the US reached one in 330.2 and one in 211.7 in Canada.
• In Germany virus activity reached one in 330.9, one in 457.1 in Denmark and in The Netherlands one in 319.4.
• In Australia, one in 193.4 emails was malicious. For Japan the rate was one in 1048, compared with one in 272.4 in Singapore.
• In Brazil, one in 421.7 emails in contained malicious content.

Vertical Trends:
• Despite a small drop in spam, the Education sector overtook the Automotive industry to become the most spammed industry sector in October, with a spam rate of 76.4 percent. The spam rate for small businesses was 73.9%, compared with 74.1% for large enterprises.
• The Public Sector remained the most targeted by phishing activity in October, with one in 86.0 emails comprising a phishing attack.
• Phishing levels for the Chemical & Pharmaceutical sector reached one in 543.3 and one in 500.5 for the IT Services sector, one in 562.7 for Retail, one in 150.9 for Education and one in 304.4 for Finance. Phishing attacks targeting small businesses accounted for one in 303.5 emails, compared with one in 319.6 for large enterprises.
• With one in 62.0 emails being blocked as malicious, the Public Sector remained the most targeted industry in October.
• Virus levels for the Chemical & Pharmaceutical sector reached one in 180.9 and one in 257.3 for the IT Services sector; one in 355.4 for Retail, one in 99.3 for Education and one in 332.9 for Finance.
• Malicious email-borne attacks destined for small businesses accounted for one in 260.2 emails, compared with one in 214.5 for large enterprises.

The October 2011 Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.

About Symantec Intelligence Report

The Symantec Intelligence report combines the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this combined report includes data from September and October 2011.

About Storage from Symantec

Symantec helps organizations secure and manage their information-driven world with storage management, email archiving, backup & recovery solutions.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

1http://www.symantec.com/connect/blogs/sality-whitepaper