Marshal8e6, a global provider of Secure Web Gateway and e-mail security products for more than 20 000 businesses worldwide, today released its biannual TRACElabs report detailing the latest spam and exploit levels. From January to June 2009, Marshal8e6 TRACElabs observed a staggering 60% increase in spam volumes, with spam now representing a full 90% of all inbound e-mail.
Despite the successful shutdowns of the McColo and 3FN hosting servers in recent months, spam volumes have continued to steadily rise.
Marshal8e6 TRACElabs has found that even as authorities and the security community improve their tactics against fighting cyber-criminals, spammers have evolved to keep up and continue distributing malware to make money.
The top findings of the report include:
* Rustock botnet - Has emerged as the dominant force in spam output in 2009 and is responsible for more than 40% of all spam sent so far this year.
* Pharmaceutical spam - Now makes up 75% of all spam, proving that cyber-criminals effectively exploit the online availability of discounted drugs.
* Twitter scares - Cyber-criminals continue to leverage social media sites like Facebook, YouTube and now Twitter to spread links leading to malware-infected Web sites and spam.
* "Scareware" applications - Fake anti-virus or 'scareware' campaigns have risen to a level never seen before; once installed on a system, scareware tricks users into thinking that their computers are infected and prompts them to purchase 'full software', leaving their credit card information vulnerable.
* Image spam - Spammers are bringing back this tried and true tactic, where text is incorporated into an attached graphic; image spam spiked to 10% of all spam.
"While legal entities and the security community have made strides in combating hosting servers that support malicious botnets, we've seen a number of new tactics from the spammers themselves taking hold in the first half of 2009," said Bradley Anstis, director of technology strategy at Marshal8e6. "The rise of the Rustock botnet feeds the growth of blended threats. Rustock typically uses HTML templates from legitimate newsletters and inserts, or blends in, its own images and URL links. This helps give Rustock spam the appearance of professional, legitimate e-mail, which tricks recipients into clicking on the links or buying the advertised products."
In addition to the rise in spam volumes, Marshal8e6 TRACElabs has observed a wave of legitimate Web sites being compromised by hackers and serving up spam to unsuspecting visitors. According to the report, roughly 70% of the Web sites hosting malicious content today are legitimate Web sites that have been hacked. This increases the risk for all users on the Web, and underscores the need both for employee education and effective security solutions to maintain the integrity of corporate networks.
"Web browsers are categorically one of the most dangerous applications on a user's computer," Anstis continued. "All it takes is a simple click on a link in a fake e-mail or Facebook message to have your credentials stolen and your network compromised. It's essential that users know what to look out for as they browse the Web and that their networks are protected by security technologies at the Web gateway that monitor for suspicious content."
To read the full biannual TRACElabs report and learn more about the most critical threats facing Web and e-mail users today, please visit: http://www.marshal8e6.com/documents/pdfs/trace/Marshal8e6_TRACE_Report_July_2009.pdf.
Share