Infected Sites Tripled in March
New research indicates that the number of Web sites spreading malicious programs tripled in the last month alone, with the volumes of spam attacks aimed at directing users to the malware sites swelling in concert with the tainted URLs.
According to the March Intelligence Report issued by Symantec's MessageLabs division on Tuesday, malware-oriented spam reached its highest level since June 2008, accounting for just over 20 percent of all the messages scanned by the filtering specialists this month.
As the number of malware-laden sites jumped by almost 200 percent during March, accounting for roughly 3,000 new infected URLs per day during the month, attackers increasingly sought to compromise end user devices via injected script threats, the researchers said.
The move to embrace a larger number of Web-based attack techniques is likely just another twist in the road for malware distributors as they attempt to mix up their patterns, the experts contend. Overall, some 61.6 percent of all Web-based malware intercepted during March comprised newly discovered threats.
"Having been focused on e-mail tactics for the latter half of 2008 and early 2009, the cyber criminals are varying their strategies, and turning their attention toward web-related tactics, so as not to become too predictable," Paul Wood, a MessageLabs Intelligence Senior Analyst, said in a report summary. "Their goals of financial gain and espionage remain the same, however."
A large proportion of the involved sites advertise themselves as free image hosting services, with some attempting to link their existence to popular social networking properties. Once loaded onto an end user's device, most of the attacks sought to steal sensitive personal or corporate data, MessageLabs said.
With regard to spam trends, the company said that campaigns built around recession-based themes became very popular across Q1 2009. Using easy credit schemes aimed at struggling consumers has become a common angle, according to the report. To help disguise their efforts, attackers are using smaller runs of individual campaigns, the experts indicated.
Popular events including St. Patrick's Day and March Madness were among the other dominant themes.
MessageLabs said that the global ratio of spam traffic from new and previously unknown bad sources was 75.7 percent (1 in 1.32 e-mails) in March, an increase of 2.4 percent compared to February. Spam levels in the U.S. rose to 78.4 percent of all messages.
"The economy and other seasonal happenings, such as St. Patrick's Day and the US March Madness basketball tournament, remain predictable avenues for spammers, phishers and fraudsters to explore," said Wood. "It's not likely these spamming tactics will go away, but in the coming months we may see more non-traditional spamming techniques, like those from cash-strapped individuals seeking charity, begin to take hold."
In terms of phishing campaigns, the company said that one in every 284.6 e-mails (0.35 percent) included some form of phishing attack, a decrease of 0.17 percent compared with February. However, when judged as a proportion of all e-mail-borne threats including viruses and Trojans, the number of phishing e-mails actually increased by 37.3 percent to 98.9 percent of all e-mail-borne malware threats intercepted in March, the report contends.
Phishing levels for all of Q1 '09 averaged one in 290.4 e-mails, compared with one in 221.9 e-mails for Q4 2008.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.