The long view of security strategies for your network.
Recently I explored a useful resource in the Intelligence Reports from MessageLabs, a company “founded in 1999 with a single purpose - to find a better way to stop the new breed of viruses that were harnessing the power of Internet to spread rapidly and causing huge disruption to the business world.”
The Intelligence Reports are brief (3 to 22 pages) analyses of spam and virus prevalence, with news articles summarizing significant new developments in the periods they cover. These concise reports include excellent graphics and clear explanations of new malicious-software and deception techniques, and they will be particularly useful to security and network professionals preparing executive briefings, as well as to researchers, writers and students. Today I’m pointing to some particularly interesting findings from the most recent issues.
December 2007 Annual Security Report: "A year of storms, spam and socializing..."
The authors point to a growing wave of increasingly sophisticated social engineering techniques such as “targeted attacks… aimed at C-level executives” and to the exploitation of “social networking sites [and] corporate Web sites… to collect more information on their targets before launching such attacks.”
Botnet usage and sophistication grew; the StormWorm gang controlled “almost two million compromised computers [and] was deemed one of the largest of its kind.” Spam using attachments such as spreadsheets and MP3 sound files became a nuisance in that year.
“Whaling” (in contrast to phishing) attacks were identified as “highly targeted phishing-style attacks against senior executives around the world across a range of organizations... The first major whaling attack in 2007 occurred on June 26 when MessageLabs intercepted 512 e-mails with a Microsoft Word document attached, which contained an embedded spying trojan. All of the e-mails targeted senior executives across a number of organizations in many countries. So precise were these attacks that the subject line of the email included the recipient’s name and job title. The next significant wave appeared in September with MessageLabs intercepting 1,100 individual e-mail attacks from the same criminal gang responsible for the June outburst. None of the e-mails this time contained any text; the only content was an RTF attachment which contained the spying trojan. Unlike the earlier June attack, where the name and job title of the victim was included within the subject line of the e-mail, this series of attacks purported to be from an employment service regarding a prospective employee and included the target’s company name within the subject line. Again, the e-mails were targeted towards C-level executives and senior management, including repeated attacks at the same company through different C-level entry points.”
“With a credit-crunch looming, spammers are taking advantage. To capitalize, spammers have stepped up the number of mails that directly offer financial products, or are closely related to money, such as phishing, lottery scams, loans, jobs and other financial enticements.” Spammers have also been increasing their use of search-engine redirection (to 17% of the spam noted in January) to mask the ultimate phishing destination, “which makes it difficult for traditional anti-spam products to detect the malicious link.”
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.