Wednesday, October 12, 2011

SA Symantec Intelligence Report

Johannesburg - Symantec on Tuesday announced the results of the September 2011 Symantec Intelligence Report, which saw phishing attacks in South Africa increase once again.

The country is now positioned as the most targeted geography for phishing, with one in 133.1 emails.

This month’s analysis also reveals that a deluge of malicious email-borne malware has left a clear mark on the threat landscape for September. Approximately 72 percent of all email-borne malware in September could be characterised as aggressive strains of generic polymorphic malware, first identified in the July Symantec Intelligence Report. At the end of July, this rate was 23.7 percent, in August it fell slightly to 18.5 percent before soaring to 72 percent in September.

“This unprecedented high-water mark underlines the nature by which cyber criminals have escalated their assault on businesses in 2011, fully exploiting the weaknesses of more traditional security countermeasures,” said Paul Wood, Senior Intelligence Analyst, Symantec.cloud.

Further analysis reveals that the social engineering behind many of these attacks has accelerated with the adoption of a variety of new techniques, such as pretending to be an email from a smart printer/scanner being forwarded by a colleague in the same organisation has been detected.

“The idea of an office printer sending malware is an unlikely one, as printers and scanners were not actually used in these attacks, but perhaps this sense of security is all that is required for such a socially engineered attack to succeed in the future,” Wood said.

Although spam levels remained fairly stable during September, Symantec Intelligence observed the use of identified vulnerabilities in certain older versions of the popular WordPress blogging software on a large number of web sites across the internet. Spam emails containing links to these compromised web sites are being spammed out. It is however important to note that blogs hosted by WordPress itself seem to be unaffected.

Additional research reveals that JavaScript is becoming increasing popular as the programming language used by spammers and malware authors. Spammers use it to conceal where they are redirecting pages, and in some cases, to conceal entire web pages.

“For spammers, hosting simple JavaScript obfuscation pages on free hosting sites can increase the lifetime of that site before the site operator realises the page is being used for malicious activity,” Wood said. “JavaScript is popularly used for redirecting visitors of a compromised web site to the spammer's landing page. While some of these techniques have been common in malware distribution for some time, spammers are increasingly using them.”
Originally posted on iol scitech
Enhanced by Zemanta