Spam, Hacks, Attacks and Vulnerable Macs
Following on the heels of a plethora of other research reports that have arrived over the last week (I guess it takes about a month after the quarter ends for the numbers to get translated into words), Secure Computing released its latest compendium of malware and cyber-crime trends today.
Secure, which also sold off its authentication business to focus purely on its core gateway operations, published such a lengthy collection of fun facts (and dire predictions) that I'll merely point out some of the highlights (or more accurately lowlights), rather than trying to get to every detail.
According to the Secure Computing Research and Anti-Malware Team, during Q2 2008:
-Spam is up 280 percent from last year at this time.
-This year's peak on spam volume was March 27 at 185 billion spam messages.
-Since the March peak, spam in total is down 40 percent.
-The U.S. continues to send more than twice as much spam as the next largest contributor, Russia.
-In terms of content, spam advertising male enhancement products led the way at 39 percent of all spam.
-The ZBot spyware family has grown.
-Swizzor has grown significantly throughout the recent months.
-The use of rootkit technology in major malware families has led to more spyware.
Top sites hosting malware by content area:
1. Spam URLs
2. Pornography
3. Portal Sites
4. Extreme
5. Criminal Activities
6. Online shopping
7. Entertainment
8. Internet Services
9. Marketing/Merchandising
10. Parked Domains
-A newly discovered vulnerability in Apple's Remote Desktop application has already attracted malicious code writers' attention to Mac OS X. The privilege-escalation vulnerability allows locally logged-on users to run shell scripts as 'root', and it was exploited by a first Trojan which -- among other things -- adds new admin accounts to the system. With the market share and prevalence of the Mac OS platform rising, malware authors smell another big profit pool, as shown by these two new examples.
-A new variant of the DNSChanger trojan has been discovered in the wild. This variant conducts brute-force attacks against the Web interface of routers that use basic access authentication. DNSChanger is believed to be affiliated with the authors behind the large Zlob malware family. This latest trojan's aim is to gain access to routers in order to change their DNS settings.
Google Ad Banner Fraud:
-Researchers are seeing Web server compromises in which AdSense code is injected but the banner ad is not rendered or displayed in the browser, so the user sees nothing suspicious. The banner is nevertheless loaded from Google AdSense, and the attacker's impression counter goes up. Running this on as many compromised Web sites as possible drives the counter up even faster. The ad provider then pays the client it believes to be the Web site "owner" for displaying the ad banners. That client is in fact the attacker, earning money for hosting ad banners on compromised, previously legitimate Web sites.
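As an added example (not from Secure Computing's report or this post), here is a small Python check a site owner could run over a served page to flag AdSense publisher IDs that are not their own, or that sit inside an element hidden from the viewer, which is the signature of the fraud described above. The snippet format (`google_ad_client = "pub-..."`), the hidden-style heuristics, and the sample HTML and publisher IDs are assumptions and constructed values.

```python
import re
from html.parser import HTMLParser

# Classic AdSense snippets set google_ad_client = "pub-NNN"; the regexes and pub IDs
# below are assumptions/constructed values, not Google's spec or a real CSS parser.
PUB_ID_RE = re.compile(r'google_ad_client\s*=\s*["\'](pub-\d+)["\']')
HIDDEN_STYLE_RE = re.compile(r'display\s*:\s*none|visibility\s*:\s*hidden|'
                             r'(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)', re.I)

class AdSenseAuditor(HTMLParser):
    """Record each publisher ID in script text and whether its ancestors hide it."""
    def __init__(self):
        super().__init__()
        self.hidden_depth = 0   # >0 while inside a hidden container
        self.stack = []         # (tag, was_hidden) for open elements
        self.findings = []      # (pub_id, is_hidden)

    def handle_starttag(self, tag, attrs):
        hidden = bool(HIDDEN_STYLE_RE.search(dict(attrs).get("style") or ""))
        self.hidden_depth += hidden
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        while self.stack:  # pop to the matching open tag, undoing hidden state
            open_tag, hidden = self.stack.pop()
            self.hidden_depth -= hidden
            if open_tag == tag:
                break

    def handle_data(self, data):  # <script> bodies arrive here as CDATA
        for pub in PUB_ID_RE.findall(data):
            self.findings.append((pub, self.hidden_depth > 0))

def audit_page(html, owner_pub_id):
    """Return alerts for foreign publisher IDs and for hidden ad blocks."""
    auditor = AdSenseAuditor()
    auditor.feed(html)
    alerts = []
    for pub, hidden in auditor.findings:
        if pub != owner_pub_id:
            alerts.append(f"foreign publisher id {pub}")
        if hidden:
            alerts.append(f"hidden ad block for {pub}")
    return alerts

# Constructed page: the owner's visible ad plus an injected hidden block.
SAMPLE_HTML = """<html><body><p>Welcome to our shop.</p>
<script type="text/javascript">google_ad_client = "pub-1111111111111111";</script>
<div style="display:none">
<script type="text/javascript">google_ad_client = "pub-9999999999999999";</script>
</div></body></html>"""
```

Run `audit_page(SAMPLE_HTML, "pub-1111111111111111")` against the constructed page and both the foreign ID and the hidden block are reported; a clean page returns an empty list.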
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.