Symantec.cloud researchers reported a significant drop in spam and malware sites in April in the company's monthly MessageLabs Intelligence report.
Spam volumes and the number
of malicious Websites dropped in April, according to the latest MessageLabs
monthly report from Symantec.cloud.
Spam dropped 6.4 percent in
April, making up 72.9 percent of all email traffic and the number of Websites
blocked for carrying malware fell by nearly 20 percent, Symantec.cloud
researchers wrote in the April
MessageLabs Intelligence report. The spam decline may be the direct result
of the shutdown of the Rustock
botnet in mid-March, but it remained a problem.
Overall malicious Web
activity also declined. Although there was an average of 2,431 Websites
harboring malware, spyware and adware, there were 18.2 percent fewer sites than
in March, the report found. A third of the malicious sites and 22.5 percent of
all Web-based malware blocked were new in April, all lower than the March
Virus and phishing levels
remained virtually unchanged in April. The most frequently blocked malware was
the W32.Sality.AE virus, which spreads by infecting executable files. However,
there was an increase in Bredolab, Sasfis, Zeus and Spyeye related malware,
which accounted for 55.1 percent of all malware. Those Trojans tend to spread
as ZIP file attachments rather than hyperlinks.
Only 13.2 percent of email-borne
malware contained links to a malicious Website in April, a drop of 50.3 percent
since March. The decline is actually because the increased volume of malicious
attachments "pushed down the relative proportion of attacks using hyerlinks,"
the researchers wrote.
identified 11 automated bots operating on a "popular micro-blogging service,"
posting messages using shortened URLs pointing to rogue Web sites. The bots randomly
inserted Twitter handles into the spam messages to encourage users to click to
find out why they were mentioned. The bots were also checking the trending
topics and inserting those terms in their automated messages, according to the
Clicking on the links
generally redirected users to a Website filled with advertisement links, which
generated pay-per-clicks for the site owner.
After the shortened URL in
the message was active for an hour, the bots would update the message to use a
different link pointing to the same malicious portal, making it harder to be
detected or blocked. Even if services like bit.ly try to shut down the link,
the bots have already moved on.
The April report also examined some targeted attacks that occurred in March. The number of targeted attacks
rose to 85 per day in March, a 10.5 percent increase over a six-month period,
the report found.
"The trend in targeted
attacks suggests there may be a seasonal pattern as the number of targeted
attacks always seems to be higher at this time of year," said Paul Wood,
MessageLabs Intelligence Senior Analyst at Symantec.cloud.
Attackers may be moving away
from wide-scale spam campaigns and focusing on targeted attacks on individuals
and organizations. The number of targeted attacks per day in March 2011 was at the
second-highest rate recorded by Symantec.cloud since the run-up to London's G20
summit in March 2009, according to the report.
While the number of targeted
attacks has increased, the overall number of attacks has not increased
significantly, according to the report.
The report highlighted the
recently discovered Adobe zero-day vulnerability (CVE-2011-0609),
which could be exploited by a malicious
Flash file embedded inside an Excel document. Adobe has patched the
vulnerability. MessageLabs Intelligence researchers analyzed one variant of the
exploit and found that it downloaded a Poison Ivy backdoor Trojan, whose
command-and-control server had a German IP address.
zero-day exploits are common, old-fashioned techniques are often used as well,
and may be equally successful with the right level of social engineering, such
as the use of -spear-phishing,'" the researchers wrote.