Recently I explored a useful resource in the Intelligence Reports from MessageLabs, a company “founded in 1999 with a single purpose - to find a better way to stop the new breed of viruses that were harnessing the power of Internet to spread rapidly and causing huge disruption to the business world.” 

The Intelligence Reports are brief (3 to 22 pages) analyses of spam and virus prevalence with news articles summarizing significant new developments in the periods they cover. These concise reports include excellent graphics, clear explanations of new malicious-software and deception techniques, and will be particularly useful to security and network professionals preparing executive briefings, as well as researchers, writers and students. Today I’m pointing to some particularly interesting findings from the most recent issues.

December 2007 Annual Security Report: "A year of storms, spam and socializing..."

The authors point to a growing wave of increasingly sophisticated social engineering techniques such as “targeted attacks… aimed at C-level executives” and also exploitation of “social networking sites [and] corporate Web sites… to collect more information on their targets before launching such attacks.”

Botnet usage and sophistication grew; the StormWorm gang controlled “almost two million compromised computers [and] was deemed one of the largest of its kind.” Spam using attachments such as spreadsheets and MP3 sound files became a nuisance in that year.

“Whaling” (in contrast to phishing) attacks were identified as “highly targeted phishing-style attacks against senior executives around the world across a range of organizations... The first major whaling attack in 2007 occurred on June 26 when MessageLabs intercepted 512 e-mails with a Microsoft Word document attached, which contained an embedded spying trojan. All of the e-mails targeted senior executives across a number of organizations in many countries. So precise were these attacks that the subject line of the email included the recipient’s name and job title. The next significant wave appeared in September with MessageLabs intercepting 1,100 individual e-mail attacks from the same criminal gang responsible for the June outburst. None of the e-mails this time contained any text; the only content was an RTF attachment which contained the spying trojan. Unlike the earlier June attack, where the name and job title of the victim was included within the subject line of the e-mail, this series of attacks purported to be from an employment service regarding a prospective employee and included the target’s company name within the subject line. Again, the e-mails were targeted towards C-level executives and senior management, including repeated attacks at the same company through different C-level entry points.”

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports