The latest MessageLabs Intelligence Report from Symantec has revealed how spammers are adapting their tools to trick even more users into falling for email scams.The report found that, rather than create new messages, spammers are using translation tools and message templates to create emails that cross geographical differences.
http://www.v3.co.uk/v3/news/2246867/threat-reportsAlso see:Symantec Announces July 2009 MessageLabs Intelligence Report [news release]
– Spammers Use Templates and Translations for Multilingual Attacks, Whilst Web-Malware Writers Take a Break –Symantec Corp. today announced the publication of its July 2009 MessageLabs Intelligence Report. Analysis highlights that spammers are using translation services and templates to easily develop multiple language spam runs, and web-based malware writers take a break as less that one percent of web malware in July is new.With spam levels globally continuing to stay at a two-year high of approximately 90 percent, some countries are experiencing levels in excess of 95 percent, such as Germany, France and The Netherlands. MessageLabs Intelligence reveals that one technique contributing to these unprecedented levels, predominantly in non-English language countries, is the use of automated translation services and templates enabling spam runs to operate in multiple languages. Local language spam now accounts for 46 percent of spam in Germany and 53 percent in France. In The Netherlands, 25 percent of spam is in Dutch. In Japan 62.3 percent is in non-English languages and in China this number is 54.7 percent.”Once again the spammers turn to their online toolbox, the Internet, for their latest tactics. Translation services and templates enable the spammers to push out multiple-language spam attacks and some dubious translations through the use of poor online services highlight the use of these antics,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “Non-English spam now accounts for one in every 20 spam messages, a figure we’ll be closely monitoring to see if spammers continue with their global expansion.”Malware writers seem to have taken a break this month as analysis of web security activity highlights that in July only 0.7 percent of all web-based malware intercepted was new, compared with 58.8 percent in June. However, with the number of new websites harboring malware and other potentially unwanted programs identified each day reaching a nine month high of 3,618, it indicates that previously used malware is being more widely distributed to other websites.Also in July, MessageLabs Intelligence reported that the presence of shortened URLs in spam has skyrocketed with three significant spam bursts occurring this month, accounting for as much as 6.2 percent of all spam at its peak on July 9, equivalent to more than nine billion spam messages per day worldwide. With many social networking sites providing character restrictions on status updates & messages, the use of free URL redirection services which turn lengthy web addresses into shortened URLs is increasing in popularity as this helps cybercriminals disguise the true URL destination for their victims. Donbot, a botnet responsible for sending approximately five billion spam messages every day, is one of the main culprits for using this new technique.Finally in July, cyber-criminals continue to use world news and events to their advantage, with the US Independence Day festivities receiving attention from the botnet Waledec. Simply clicking on a malicious link within an email purporting to show a fireworks display of the festivities would have added that unsuspecting user to the Waledec botnet. In addition, the death of Michael Jackson still continues to achieve widespread attention, from fans and fraudsters alike. Michael Jackson spam currently accounts for approximately one percent of all unsolicited mail, and malware and advance fee fraud attacks are becoming common occurrences.Other report highlights:Web security: Analysis of web security activity shows that 0.7 percent of all web-based malware intercepted was new in July. MessageLabs Intelligence also identified an average of 3,618 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 88.5 percent since June.Spam: In July 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 89.4 percent (1 in 1.12 emails), reflecting a 1 percent decrease since June.Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 295.2 emails (0.34 percent), a decrease of 0.03 percent since June. In July, 15.2 percent of email-borne malware contained links to malicious websites, an increase of 4.8 percent since June.Phishing: One in 327.6 emails (0.31 percent) comprised some form of phishing attack, a decrease of 0.05 percent since June. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 3.2 percent to 92.9 percent of all email-borne malware threats intercepted in July.Geographical Trends:
- Germany overtook France as the most spammed country with levels rising to 97.5 percent.
- spam levels in the U.S. rose to 86.0 percent and 83.0 percent in Canada. In the UK spam levels increased to 93.6 percent and the Netherlands saw a rise to 95.7 percent.
- increases were also experienced in Australia and Japan, with levels reaching 92.0 percent and 90.6 percent respectively.
- although virus activity in Australia declined to 1 in 153.1 emails, it still retains its place at the top of the virus table for July.
- virus levels increased in the US and Canada with levels reaching 1 in 367.1 emails and 1 in 361.3 emails respectively. In Germany virus levels were 1 in 344.5 emails and for The Netherlands, 1 in 798.2 emails. In Hong Kong virus activity was 1 in 299.2 emails and in Japan it reached 1 in 580.1 emails.
- in July, the most spammed industry sector with a spam rate of 95.2 percent was the Marketing and Media sector.
- spam levels for the Education sector were 95.0 percent, also 95.0 percent for the Chemical & Pharmaceutical sector; 93.3 percent for Retail, 94.0 percent for Public Sector and 92.1 percent for Finance.
- virus activity in the Education sector fell by 0.10 percent, but it remained at the top of the table with 1 in 144.6 emails being infected.
- virus levels for the IT Services sector were 1 in 341.0, 1 in 477.9 for Retail and 1 in 288.8 for the Chemical and Pharmaceutical sector.
The July 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at www.messagelabs.com/intelligence.Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.About Symantec
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available www.symantec.com.This MessageLabs news release was sourced from: