SOURCE: MessageLabs, Inc.

August 05, 2008 06:00 ET

MessageLabs Intelligence July 2008: Spammers Use Google Sites to Host Spam

Web Threats Continue Rise Following SQL Injection Attacks; Reach Record Levels

NEW YORK, NY and LONDON--(Marketwire - August 5, 2008) - MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for July 2008. Analysis highlights that spammers continued the trend of abusing Google's hosted applications to host spam. Previously abused applications include Google Docs, Google Pages and Google Calendar. Google Sites allows a novice to easily create a web page composed of a string of random letters and numbers resulting in a URL that is more difficult to block using traditional signature-based anti-spam tools.

"Google Sites is yet another way that spammers have programmatically defeated CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) mechanisms, a validation technique that is designed to defend against automated sign-up tools frequently used by spammers by requiring the user to enter a string of letters," said Mark Sunner, Chief Security Analyst, MessageLabs. "While Google Sites spam accounts for only 1 percent of all spam currently, we anticipate that this technique's popularity will rival that of its predecessors, Google Docs, Calendar and Pages spam. If this is the case, then we may see spam levels increase in the months ahead."

Also in July, the number of new malicious websites blocked each day has increased by 91 percent from 2,076 since June to an average of 3,968 new sites intercepted daily. This month's rise in web threats, according to MessageLabs, is due to the number of websites linked to SQL injection attacks. This latest increase in malicious websites brings the threat to record high levels.

"An emerging theme for threats this month seems to be new variations on old attack methods," Sunner said. "Following on from June, web-based malware continues to be a treacherous threat and organizations would be smart to build their Web security defenses in preparation for what could be on the horizon."

Similar to last month, a flood of spam emails with subject lines displaying celebrity names and made up breaking news was intercepted in July. The Storm-generated emails included links to the Storm malware disguised as video footage of the fabricated events. However, the celebrity referenced spam emails were unique in that they contained links that, if activated, downloaded the new rogue anti-spyware program Antivirus XP 2008 on the victims' computers using a file called video.exe. The program then scans the computer and displays the number of infections, which can only be removed by purchasing the software.

Other report highlights:

Web security: Analysis of Web security activity shows that 83.4 percent of all web-based malware intercepted was new in July. MessageLabs also identified an average of 3,968 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 91 percent since June.

Spam: In July 2008, the global ratio of spam in email traffic from new and previously unknown bad sources was 75.1 percent (1 in 1.33 emails), a decrease of 1.4 percent since June.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 148.2 emails (.67 percent), a decrease of 0.07 percent since June. In July, 3 percent of email-borne malware contained links to malicious sites, a decrease of 17.3 percent since June.

Phishing: In July, phishing activity rose by .19 percent compared with the previous month. One in 180.6 (.55 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails has increased by 33.8 percent to 82.1 percent of all email-borne malware threats intercepted in July.

Geographical Trends:

--  In July, Switzerland remained the most spammed country with levels
    reaching 84.2 percent of all email. The largest increase in spam levels
    this month was observed in the United States where it rose by 5.9 percent
    to 79.8 percent.
--  Spam levels in the UK reached 69.9 percent in July and 74.6 percent in
    Canada. Germany's spam rate reached 70 percent and spam rose to 70.6
    percent in the Netherlands. Spam levels in Australia were 64.1 percent,
    72.9 percent in China and 67.8 percent in Japan.
--  The largest increase of .48 percent in virus activity was observed in
    Canada where virus levels of 1 in 80.7 put the country in third place for
--  Virus levels for the US were 1 in 243.7 and 1 in 110.3 for the UK and
    1 in 214.8 for Germany. In Australia, virus levels were 1 in 303.1 and 1 in
    378.6 for Japan.

Vertical Trends:

--  Spam decreased across all industry sectors in July with the exception
    of the Non-Profit sector where spam rose by 5.8 percent to 82.2 percent.
--  The largest decrease was noted in the Accommodation and Catering
    sector where levels fell by 3.6 percent and 73 percent respectively.
--  Chemical and Pharmaceutical sector spam levels reached 72.6 percent,
    78.3 percent for Retail, 72.4 percent for Public Sector and 68.5 percent
    for Finance.
--  Similarly, virus levels across most industry sectors decreased during
    July.  In the Real Estate sector, virus levels rose by .07 percent to 1 in
    135.4 emails containing malware. The largest decline was noted in the
    Accommodation and Catering sector where levels fell by .51 percent to 1 in
    69 emails containing malicious content.
--  Virus levels for the IT Services sector were 1 in 158.7, 1 in 176.6
    for Retail and 1 in 198.8 for Finance.

The July 2008 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at

MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About MessageLabs

MessageLabs is a leading provider of integrated messaging and web security services, with over 18,000 clients ranging from small business to the Fortune 500 located in more than 86 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.

These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit

Contact Information