Web-based Malware Escalates, Storm Calms Down

Today, the results of MessageLabs Intelligence Report for April 2008 was released. Analysis shows that during April, the Storm botnet has dramatically decreased to just five percent of its original size, whilst Web-based malware has increased by 23.3 percent.

The introduction of new malicious software removal tools, which are aimed at targeting and removing Storm infections, are deemed responsible for the sudden reduction in Storm-infected machines, now estimated at approximately 100,000 compromised computers. Previously estimated at two million, the decline in Storm's botnet size is evident by the 57 percent decrease in malware-laden e-mails distributed by the Storm botnet during April.

While the Storm botnet decreased in size, analysis of Web-based malware identified that 36.1 percent of interceptions in April were new, an increase of 23.3 percent since March. MessageLabs also identified an average of 1,214 new Web sites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 619 per day compared with the previous month.

"April was a month of unpredictability with the mighty Storm botnet losing all but five percent of its anonymous army and Web-based malware reaching new levels," said Mark Sunner, Chief Security Analyst, MessageLabs. "This month we find ourselves fighting the cybercrime battle on many fronts, with the bad guys using an arsenal of weapons in order to detonate spam, viruses, phishing attacks and targeted Trojans, making it more important than ever to have a strong security shield in place."

On the cusp of the 30th anniversary of the first spam message, MessageLabs identified a new spamming technique being used to send authenticated spam e-mail via Yahoo!'s SMTP servers. This spam attack accounts for one percent of all spam intercepted in April and has been used to advertise services for Canadian Pharmacy, a well-known spam operation. By using the SMTP server and a DomainKeys Identified Mail (DKIM) authentication technique, the spammers can ensure that the e-mail generated is harder to block based on traditional anti-spam methods.

In addition, targeted attacks reached new heights this month, with approximately 70 targeted Trojans intercepted per day, an increase of 250 percent on the December 2007 levels of 28 per day. Leveraging interest in the Beijing 2008 Olympics Games, 13 separate Olympic themed attacks were intercepted over the past six months which use legitimate-sounding e-mail subject titles, such as "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents." Some attacks purported to be from the International Olympic Committee, based in Lausanne Switzerland, however in reality all of the attacks but one were sent from an IP address within Asia Pacific.

Finally, MessageLabs has uncovered a new way that scammers are abusing professional social networking sites like Linked-In. For the first time, they are taking advantage of these sites to lend legitimacy to Nigerian 419 advance fee fraud scams by creating profiles with false credentials that pertain to the business involved in the scam.

Other Report Highlights

Web Security: Analysis of Web security activity shows 36.1 percent of all Web-based malware intercepted was new in April, as increase of 23.3 percent since March.

Spam: In April 2008, the global ratio of spam in e-mail traffic from new and previously unknown bad sources, was 73.5 percent (1 in 1.36 e-mails), a decrease of 0.3 percent on the previous month.

Viruses: The global ratio of e-mail-borne viruses in e-mail traffic from new and previously unknown bad sources, was 1 in 218.9 e-mails (0.46 percent) in April, a decrease of 0.13 percent since the previous month.

Phishing: April saw an increase of 0.05 percent in the proportion of phishing attacks compared with the previous month. One in 206.1 (0.49 percent) e-mails comprised some form of phishing attack. When judged as a proportion of all e-mail-borne threats such as viruses and Trojans, the number of phishing e-mails rose by 13.1 percent to 87.1 percent of all e-mail-borne malware threats intercepted