MessageLabs Intelligence Reports make good reading

* MessageLabs offers spam and virus analysis

Recently I explored a useful resource in the Intelligence Reports from MessageLabs. The Intelligence Reports are brief analyses of spam and virus prevalence with news articles summarizing significant new developments in the periods they cover.

Recently I explored a useful resource in the Intelligence Reports from MessageLabs, a company “founded in 1999 with a single purpose - to find a better way to stop the new breed of viruses that were harnessing the power of Internet to spread rapidly and causing huge disruption to the business world.” 

The Intelligence Reports are brief (3 to 22 pages) analyses of spam and virus prevalence with news articles summarizing significant new developments in the periods they cover. These concise reports include excellent graphics, clear explanations of new malicious-software and deception techniques, and will be particularly useful to security and network professionals preparing executive briefings, as well as researchers, writers and students. Today I’m pointing to some particularly interesting findings from the most recent issues.

December 2007 Annual Security Report: "A year of storms, spam and socializing..."

The authors point to a growing wave of increasingly sophisticated social engineering techniques such as “targeted attacks… aimed at C-level executives” and also exploitation of “social networking sites [and] corporate Web sites… to collect more information on their targets before launching such attacks.”

Botnet usage and sophistication grew; the StormWorm gang controlled “almost two million compromised computers [and] was deemed one of the largest of its kind.” Spam using attachments such as spreadsheets and MP3 sound files became a nuisance in that year.

“Whaling” (in contrast to phishing) attacks were identified as “highly targeted phishing-style attacks against senior executives around the world across a range of organizations... The first major whaling attack in 2007 occurred on June 26 when MessageLabs intercepted 512 e-mails with a Microsoft Word document attached, which contained an embedded spying trojan. All of the e-mails targeted senior executives across a number of organizations in many countries. So precise were these attacks that the subject line of the email included the recipient’s name and job title. The next significant wave appeared in September with MessageLabs intercepting 1,100 individual e-mail attacks from the same criminal gang responsible for the June outburst. None of the e-mails this time contained any text; the only content was an RTF attachment which contained the spying trojan. Unlike the earlier June attack, where the name and job title of the victim was included within the subject line of the e-mail, this series of attacks purported to be from an employment service regarding a prospective employee and included the target’s company name within the subject line. Again, the e-mails were targeted towards C-level executives and senior management, including repeated attacks at the same company through different C-level entry points.”

January 2008

“With a credit-crunch looming, spammers are taking advantage. To capitalize, spammers have stepped up the number of mails that directly offer financial products, or are closely related to money, such as phishing, lottery scams, loans, jobs and other financial enticements.” Spammers have been increasing the use (to 17% of the spam noted in January) of search-engine redirection to mask the ultimate phishing destination, “which makes it difficult for traditional anti-spam products to detect the malicious link.”

The types of spam content have been shifting: “Image spam has been in general decline in recent weeks, at approximately 2% of spam, compared with a peak of 20% in the summer of 2007. The majority of spam is now made up of text-only or HTML spam. Text spam now accounts for around 60% of spam, compared with approximately 30% last summer. HTML spam now accounts for almost 38% of spam, compared with 50% last summer. Other file types including PDF, XLS and MP3 account for less than 1% of spam.”

February 2008

In February, 72.7% of the e-mail scanned by the company’s anti-spam services qualified as spam; 0.95% of all e-mail contained a virus; 1.0% of all e-mail contained a phishing attack. Spam from Gmail accounts rose markedly, suggesting that criminals may have devised ways of defeating the CAPTCHA method for identifying human users: 

“First, the spammer can hire the services of 'mechanical turks,' individuals that manually create accounts or who are presented with the CAPTCHAs to solve using a software interface. Or, the attackers may have developed an algorithm, which can defeat the CAPTCHAs computationally. An algorithm-based attack is very scalable once a reasonable level of accuracy is achieved. MessageLabs research indicates that these algorithms deployed against CAPTCHA systems are 20-30% successful. When combined with the incredible computational horsepower available in hackers’ botnets and the ability to make unlimited attempts, this success rate means that attackers can create as many e-mail accounts as desired.”

The authors explain, “Spammers place a premium on using accounts from large, reputable online mail services as the spam is less likely to be blocked.”

I actually downloaded and read all the reports dating back to February 2006; they have a wealth of fascinating detail for anyone interested in the problem of malware and spam. I think MessageLabs is doing the community a service by providing these documents freely – and there’s not even a registration requirement for access. Bravo!

In subsequent columns, I’ll be exploring other resources from MessageLabs: white papers, case studies, and podcasts.

[As usual, it’s worth noting that I have no financial relationship whatever with MessageLabs. I just think their reports are neat!]

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.