sophos midyear threat report july08 p1of1

Upload: mlmcbride33

Post on 30-May-2018


  • 8/14/2019 Sophos Midyear Threat Report July08 p1of1

    Mid Year Report: Malware, Spam and Web Threats 2008

    Mark Harris, Director of SophosLabs


    Agenda

    Malware - The size and shape of the problem

    Spam - China and beyond

    Phishing - Socializing

    Web - The threat to your reputation

    Not just a Microsoft problem

    Summary


    Malware - The Size and Shape

    Up to 20,000 samples per day!

    Automation and proactive detection is key

    June 2008

    158 updates

    781 identities

    60% were Trojans

    10% Behavioral Genotype


    Malware - Return of the Virus

    Complex viruses becoming more common

    Infects files

    Harder to remove

    Continuously developed

    Sality

    First seen in 2003

    Kuku = Hide and seek

    Currently on version 5.04 (Exp)


    Shift in Delivery

    Only 1 in 2500 emails have malware attachments

    Down from 1 in 332 in same 2007 period

    Shifted to links in email

    Long tail of old malware

    PushDo - new malware, old technique


    Spam - China and Beyond

    96.5% of email is spam

    New spam web page every 20 seconds

    Moving to Chinese domains

    Harder to get information

    Easier to register

    Backscatter

    Non-delivery reports of spam

    Do you click on spam?

    1 in every 530 page requests were to spam URLs


    Pump and Dump Done?

    Volumes have dropped from 30+ % of all spam to less than 1%

    Very few stock symbols being spamvertised

    Market slowdown? SEC crackdown?

    Moving to short selling

    Amazon having troubles


    Phishing - Socializing

    Not just financial

    Banks

    Tax payers

    Auction

    Payment sites

    Also Social

    Facebook


    Social Targets

    Social networking sites increasingly targeted

    Spam

    Scam

    Adware


    Spear Phishing

    Very targeted activity

    Use Facebook, LinkedIn, etc. to identify targets

    University of Waterloo

    Oak Ridge National Lab

    University of Minnesota

    Can also be used to target malware

    Subpoena CEO = Install keylogger

    Remember: Phishing works on all platforms!


    Web - The Threat to Your Reputation

    16,173 new malicious web pages a day!

    One every 5 seconds

    1 in 2000 page requests were to malicious sites

    Over 90% are hacked sites

    Major brands affected

    Euro 2008 soccer tournament

    UK broadcaster ITV

    Cambridge University Press

    Lawn Tennis Association

    Trend Micro

    Sony PlayStation


    SQL Injection Attacks

    Mal/BadSrc - 29% of infections in June 08

    Simple attack method

    Search for vulnerable servers

    Target attack

    Inserts iframe snippets into every page

    Variety of payloads

    Including scareware


    Not Just a Microsoft Problem

    Nearly 60% compromised web sites running Apache

    Growing market share of Mac makes malware worthwhile

    Poisoned ads - scareware

    Mac Trojans


    What about Mobile?

    Malware - Very Low Threat

    No single platform, but ...

    iPhone update was Trojanized

    Spam

    Txt message spam.

    Limited in the West, but ...

    353.8 Billion spam messages in China

    438,668 complaints

    Many are simply advertising - 36%

    Also fraudulent - 39%


    What About Linux?

    Not Just Web Servers

    70% of attacks on Linux honeypot, infected with a 6 year old virus

    Linux servers used as command and control for botnets

    Rst-B analysis shows global problem

    Thousands of compromised servers


    SophosLabs global network of experts

    SophosLabs Knows Threats Better Than Anyone


    Sophos Security and Control Solutions


    Summary

    Malware growth continues

    Proactive detection is critical

    Financial motivation for most threats including spam

    Spam still makes money!

    Web represents biggest threat

    To users, and your corporate reputation

    Don't forget other platforms

    Mac increasingly targeted

    Linux could be your typhoid Mary


    Staying ahead of the curve

    Get the latest breaking news about new malware, spam, security threats, and arrests straight to your desktop at www.sophos.com/feeds

    Get daily updates from SophosLabs™ Blog, which provides insight into the most interesting and widespread threats: www.sophos.com/blog


    Thank you

    US and Canada:

    1-866-866-2802

    [email protected]

    UK and Worldwide:

    + 44 1235 55 9933

    [email protected]
