Report: 90.4 Percent Of E-Mail Is Spam

Symantec Corp. recently announced the publication of its May 2009 MessageLabs Intelligence Report. The analysis highlights that spam experienced a further increase of 5.1 percent since last month, reaching heights of 90.4 percent. Also in May, MessageLabs Intelligence revealed that geographic location determines the time of day when spam is received, the data also highlights where spammers are most heavily concentrated.

The majority of this increase in spam in May was comprised of messages with very little content other than a subject line and valid hyperlink. Each hyperlink pointed to a different active profile on one of a number of major social networking environments. The profiles were likely created using random names and automated CAPTCHA-breaking tools. Moreover, the e-mails were sent from valid Webmail hosting providers, which means they were not spoofed, as has been the case in the past for these types of domains.

“As spam levels continue to increase, we are seeing existing attack techniques combine and morph into one” said Paul Wood, MessageLabs Intelligence senior analyst at Symantec. “In 2008 CAPTCHA-breaking, social networking spam and the use of webmail for spamming all became popular tactics. Today, the bad guys are using the three together as a triple threat to heighten the effectiveness of their spamming.”

Also this month, MessageLabs Intelligence revealed that geographic location determines when people receive spam. According to research conducted over a seven day period, analysis highlights that U.S. residents see spam peak between 9 and 10 a.m. local time and a drop overnight while Europeans are more likely to receive a steady stream of spam throughout the workday. Those in the Asia-Pacific region start their day with an inbox full of spam and see less trickling in throughout the day.

“These patterns suggest that spammers are more active during the U.S. working day,” Wood said. “This could be because most active spammers are based in the U.S., according to data from Spamhaus, or because this is when the spammers’ largest target audience is online and likely to respond.”

Image spam continued into May with Russian language “ransom-style” spam, reminiscent of traditional ransom messages constructed from letters cut out of newspapers. The content appears to read like a ransom message and is constructed from Russian characters taken from different font styles, however the subject line itself is unrelated translating into, “how to attract customers.” The use of the Russian language character set has become more popular in recent spam runs where the Russian character set is used to hide the English language content, a spamming technique deployed to avoid content folders.

Finally, in May MessageLabs Intelligence debunked a common misconception that cybercriminals are more likely to use less reputable web sites, like those containing adult content, to hide malware. However, the majority, 84.6 percent, of web site domains blocked in May for hosting malicious content were well-established domains more than a year old. Moreover, the number of new websites harboring malware identified daily declined from 3,561 in April to 1,149 in May supporting the trend that cybercriminals favor the more established domains.

“Spammers using better-known and thus more widely trusted web sites to host malware is reminiscent of the spammers who rely on well-known webmail and social networking environments to host spam content,” Wood said. “The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious -- a temporary site set up with the sole purpose of distributing spam and malware -- and thus faster to get shutdown.”

Other report highlights:

Web security: Analysis of Web security activity shows that 34.2 percent of all web-based malware intercepted was new in May. MessageLabs Intelligence also identified an average of 1,149 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 67.7 percent since April.

Spam: In May 2009, the global ratio of spam in e-mail traffic from new and previously unknown bad sources was 90.4 percent (1 in 1.11 emails), an increase of 5.1 percent since April.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 317.8 e-mails (0.31 percent), a decrease of 0.01 percent since April. In May, 7.0 percent of email-borne malware contained links to malicious sites, a decrease of 6.3 percent since April.

Phishing: One in 279.7 e-mails (0.36 percent) comprised some form of phishing attack, an increase of 0.11 percent in the proportion of phishing attacks compared with April. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing e-mails had remained unchanged at 89.7 percent of all e-mail-borne malware and phishing threats intercepted in May.

The May 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/Threat_Watch/Intelligence_Reports.

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.