The IronPort report details how virus writers have shifted from the mass-mailer tactics of previous years to stealthier attacks embedded in office documents and to highly polymorphic outbreaks. Malware writers found new ways to deliver a steadily increasing array of harmful code, such as key loggers and system monitors. In addition, Internet Explorer vulnerabilities have allowed malware code to propagate undetected by the end user. Malware authors developed effective spam and phishing techniques to drive traffic to infected sites, resulting in desktop infection rates of over 50 percent in corporations worldwide.
"Trends point to a single overarching theme. Spam, viruses, phishing and malware are tools used by well-organized global entities that are profiting from a variety of criminal activities including drug trafficking, fraud and identity theft," commented Tom Gillis, senior vice president, Worldwide Marketing, IronPort Systems and author of the IronPort Report on Internet Security Threats. "To combat these sophisticated threats, enterprise security officers need to evaluate solutions that have strong email and web capabilities. An email appliance and a Web security gateway that work together and share a common threat database is the best way to defend against the sophisticated new generation of threats on the Internet."
Additional Findings and Statistics
- Elite spam groups have established an elaborate infrastructure that spans the globe, in many cases delivering billions of spam messages from 100,000 different servers in as many as 120 different countries.
- Spam categories keep evolving to fool end-users.
- Pharmaceutical spam and "stock scam" spam are the most widely sent types of spam today. "Stock scams" surged from less than 10 percent of spam in 2005 to more than 30 percent of spam in 2006.
- Rapid-outbreak spam attacks have increased in frequency.
- Spammers are adopting techniques used by virus writers for years, developing new strains or variants of spam. They send out a very limited trial quantity to see how effective the new strain is against spam filters. Once spammers are confident that they have created a content set that will get through most spam filters, they will launch a very large-scale attack.
- A typical spam attack now involves billions of messages using very sophisticated randomization techniques.
- Most attacks are believed to be coming from groups with links to organized crime.
- More than 80 percent of spam is sent from zombies.
- The average life span of a zombie in 2006 was less than 30 days.