Beware of Geeks Bearing Spam and the Expanding Phishing Net

NEW YORK--(BUSINESS WIRE)--MessageLabs, a leading provider of integrated messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for September and the third quarter of 2006. In this expanded report, MessageLabs observed the adoption of new spam techniques to circumvent traditional IT security and the sharp increase in phishing attacks which accounted for more than half of all the malicious emails intercepted by MessageLabs in September.

In recent weeks MessageLabs has noticed an increase in the number of spam emails that are specifically targeting individuals within the technology sector by using social engineering techniques. Called “geek spam,” this type of spam includes technology-related keywords within the email to dupe recipients into believing that the spam is actually something more relevant, such as a bug report. This targeted approach using hidden keywords can help to pollute the Bayesian filters often used by technology professionals. The use of technology buzzwords, such as .NET, cpan, xss and Java, hidden inside the body of the spam can ensure that the mail looks convincing enough for limited anti-spam software to allow it through.

“Cyber-criminals continue to seek new and more subversive means to launch their attacks. Geek spam is yet another way that the bad guys are evolving their methods and we expect to see an increase in other similarly targeted spam, such as accountants and by using financial terminology,” said Mark Sunner, chief technology officer, MessageLabs. “When you couple this with the continuing escalation in phishing attacks and an augmented focus on banks who have not adopted new security technology, the end user is increasingly more exposed to complex and well engineered attacks.”

MessageLabs research has also shown that phishing attacks continue to become more targeted as more criminal groups shift their attention from creating malware to conducting such attacks. The focus of these attacks has changed in recent months to banking organisations that have not deployed any two-factor authentication security measures. The unilateral approach undertaken by some banks has indirectly resulted in a huge increase in phishing attacks directed against those banks still investigating such technology. Banking organisations with this technology are still being attacked but on a much lesser scale. These increased attacks are perhaps a prelude to the imminent release of Microsoft Internet Explorer 7.0, which will include additional anti-phishing countermeasures

Other report highlights:

Spam: the global ration of spam this month is 64.4 percent, a diminutive decrease of 0.1 percent from August. This is indicative that spam is not going away, and that concentrations are expected to increase again in coming months as spammers continue to adopt new techniques.

Viruses: virus and trojan traffic has been steadily declining since the beginning of the year and in Q3 2006 is much lower than for the same period in 2005. In September, the global ratio of email-borne viruses in email traffic from new and previously unknown bad sources destined for valid recipients was 1 in 89.6 emails (1.12 percent), an increase of 0.1 percent since last month – still a large volume.

Bots: MessageLabs research indicates that bots are increasing in number and distribution, particularly in South American countries, where the use of bots to distribute bank trojans and phishing scams has now escalated to such a degree as to make them the new “419-scam” of the region.

Phishing: September showed a large increase of 0.27 percent in the proportion of phishing attacks compared with the previous month. One in 170 (0.59 percent) emails was some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and trojans, the number of phishing emails has risen by 21.7 percent, now accounting for 52.4 percent of all the malicious emails intercepted by MessageLabs in September.

Geographic Trends:

• Although levels dropped by 4.4 percent in September, Israel continues to be the world's top spam target with spam representing 73.6 percent of all email traffic.
• Of the top five spammed countries, Ireland suffered the largest increase with a jump of 1.7 percent to 64.2 percent. This trend was mirrored in the virus figures where, with a 1.2 percent increase, it received the largest increase in virus attacks with 1 in 26.2 being compromised.
• India continues to be the least spammed country with spam only representing 25 percent, a far cry from its position in Q3 2005 when it was the most violated country with a 81.69 percent spam rate.
• Australia was the least affected virus country in September with a drop of nearly one percent.
• Belgium was the second least affected virus country with 1 in 101.7 viruses during September.

Vertical Trends:

• The Education sector remained dominant at the top of the spam chart for the second month in a row with a spam rate of 62.9 percent. An increase of 11.1 percent represented the greatest increase within the top five sectors. It also received the highest increase in virus levels.
• The largest rise in spam was seen in the General Services sector (ranked 15^th), which rose by 13.5 percent to 53.5 percent in September.
• The greatest decline in the top five sectors came in Recreation, where spam levels fell by 5.9 percent.
• For viruses, Business Support Services remains the dominant focus of activity, with a higher ratio of viruses than other sectors, with traffic rising by 0.1 percent since August.
• Overall, the largest drop in virus rates came in the Building & Construction sector (ranked 16^th), where levels fell by 5.9 percent to 1 in 101.5 in September.

The September/Q3 2006 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/Threat_Watch/Intelligence_Reports.

MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world.

About MessageLabs

MessageLabs is a leading provider of integrated messaging and web security services, with over 14,000 clients ranging from small business to the Fortune 500 located in more than 80 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.

These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit www.messagelabs.com.