Revolutionary Threat Innovation Hallmark of '08

By Matthew Hines  |  Posted 2008-12-04

Significant advancement in the complexity of spam, malware and botnet attacks was the key trend tracked by researchers at MessageLabs during 2008, according to the company's Annual Security Report.

Experts at the messaging security specialist, which was recently acquired by industry giant Symantec, contend that calendar 2008 was a "pivotal" year for development among cyber-criminals as they continued to expand their nefarious activities.

MessageLabs' report specifically called out the rise of more sophisticated online attacks, with many of the most virulent of the threats targeted at users of social networking tools. Drive-by attacks planted on other legitimate Web sites also remain a major area of growth, the firm said.

"Web 2.0 offers endless opportunities to scammers for distributing their malware--from creating bogus social networking accounts to spoofed videos--and in 2008 the threats targeting social networking environments became very real," Mark Sunner, chief security analyst at MessageLabs, said in a report summary.

"Web 2.0 thrives on user-generated content, as do the spammers. The ability to adapt to new mediums and upload enticing content as 'snake oil' to persuade an information-hungry user to activate it is one of the cyber-criminals' strongest talents and has made them successful in transforming deception into a fully scalable business model within the underground shadow economy," the expert noted.

Overall, the daily average of sites containing malware attacks grew from 1,068 in January to a peak of 5,424 in November. Many of the involved pages utilized SQL injection techniques to infect their targets, according to the report.

And even as online threats continued their takeoff, more traditional e-mail-based campaigns experienced 0.15 increases in frequency, compared with 2007 numbers. MessageLabs reports that one in every 143.8 (0.70 percent) e-mails tracked during '08 was malicious, compared with one in 117.7 (0.85 percent) in 2007. Targeted Trojan attacks saw significant growth, rising from an average of 53 per day in 2008 and peaking at 78 per day, compared with the mere 10 per day seen in early 2007.

On the spam and botnet front, levels of unsolicited e-mail peaked at 82.7 percent in February and averaged 81.2 percent for the entire year, compared with 84.6 percent in 2007. A whopping 90 percent of all spam was distributed by botnet networks, led by the Storm (Peacomm) botnet, which first appeared in early 2007 and "all but disappeared by the end of the year," ceding its leading role to rival botnets, including the Srizbi and Cutwail (Pandex) networks, MessageLabs reported.

And while the shutdown of several notorious hosting providers including McColo helped temporarily slow down botnet activity, a move by attackers to alternative hosts has allowed most of the zombie networks to remain as active as ever, save the Srizbi botnet, which resided primarily on McColo-controlled infrastructure, the company said.

Spammers moved from more traditional models to tactics involving the use of large, reputable Webmail and application services, driven largely by the manipulation of CAPTCHA systems designed to thwart such activities, the experts noted.

In January, only 6.5 percent of all spam originated from hosted Webmail accounts, but 25 percent of all spam originated from such sources by September and averaged roughly 12 percent for the rest of the year.

Phishing techniques also experienced "notable transformations" in '08, according to MessageLabs, as the use of botnets specifically designed to advance such efforts became more common.

"2008 was an important year for the security industry as new threats emerged and old threats evolved while the Internet gained sophistication and its users became more Web-savvy than ever before," Sunner said.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |
