SOURCE: MessageLabs, Inc.

December 10, 2007 06:00 ET

MessageLabs Intelligence 2007 Annual Security Report: A Year of Storms, Spam and Socializing With the Enemy

Even More Sophisticated and Targeted Attacks Come of Age in 2007

NEW YORK, NY and LONDON--(Marketwire - December 10, 2007) - MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced the launch of its MessageLabs Intelligence 2007 Security Report. The annual report highlights how 2007 has been a year of diversity due to the vast number of new tactics, techniques and trojans entering the security market during the last twelve months.

Spam retains the title of "dominant menace" with annual spam levels reaching 84.6 percent but rather than just playing the volume game, the spammers also introduced an additional ten percent of new and previously unknown spam attacks than in 2006. The notorious Storm botnet which appeared on the threat landscape early in 2007 is likely to take some credit for the increased innovation, especially through its distribution of 15 million emails with MP3 attachments, new to the market in October.

"2007 will be a memorable year for the security industry for many reasons. With consumers handing cyber criminals their personal details through social networking sites and the Storm botnet literally taking the market by storm, it has been an attention-grabbing twelve months," said Mark Sunner, Chief Security Analyst, MessageLabs. "Although targeted attacks seem to be high on the threat agenda, the war between businesses and the bad guys significantly heightened in 2007 as new threats appeared from every angle and on every communications channel. If 2008 is as frenzied as this year, businesses need to prepare for battle and ensure they have their protection in place."

As the year progressed, so did the variety in file attachments being used as well as the transition to using malicious links, which are able to travel under the radar of signature-based anti-virus technology provoke less suspicion for the email recipients. At the beginning of the year, only three percent of email-borne viruses contained malicious links; however, by December, 25 percent of emails had a vicious link. The trend towards malicious links demonstrates how virus writers are becoming increasingly sophisticated in the malware they create in order to avoid detection and increase their chances of penetrating a vulnerable system.

Socializing with the enemy

2007 also saw the emergence of threats targeting the fast growing and vulnerable area of social networking. Web sites such as Facebook, Linked-In and Plaxo present rich-pickings to cyber criminals looking to gather personal information for use in identity theft or targeted attacks. During 2007, several significant waves of targeted attacks appeared, primarily with C-level and senior executives being the recipients of such attention. Levels rose from one attack per day in 2006 to more than 1,100 over a 16-hour period during September 2007. The most recent wave occurred in November when the first sector-specific attack took place with almost 1,000 individual attacks aimed at the Financial Sector. MessageLabs clients are becoming increasingly wary of these sites, with the category which social networking tools fall under being the third most commonly triggered policy-based filtering rule on MessageLabs Web Security Services.

"The rapid adoption rate of social networking sites such as Facebook has inevitably been exploited by cyber criminals intent on adding the content in these sites to their portfolio of tools," Sunner said. "As we have seen in the past, mass adoption of new communication or web-based tools is often followed by a rise in the number of threats against it, and the 'Facebook' effect will present new challenges to corporate and personal online security."

The rise in targeted attacks was also matched by an increase in the number of phishing attacks, which shadowed the number of virus attacks at two separate points during the year, January and June. In addition, when measured as a proportion of all malware attacks, phishing attacks now account for 66 percent of all attacks, a steep increase when compared with the average of 24.8 percent in 2006.

Top Trends in 2007

Web Security: In 2007, MessageLabs identified an average of 1,253 new web sites per day harboring malware, which equates to almost half a million new malicious web sites appearing throughout the year.

Spam: In 2007, the annual average spam rate was 84.6 percent, a slight decline on the 2006 figure statistic of 86.2 percent although the proportion of spam that is new and previously unknown has increased by ten percent. Text, images, ZIP, RAR, XLS, RTF, PDF and MP3 spam were all seen in file attachments during the year.

Viruses: The average virus level for 2007 was 1 in 117.7 emails (0.8 percent), which reflects a fall of 0.6 percent since 2006, where levels averaged at 1 in 67.9 emails. Unlike the plateauing spam levels throughout 2007, virus levels rose and fell throughout the year with September levels reaching the highest ratio experienced in 18 months with 1 in 48 emails containing a virus or trojan. The impact of the Storm botnet was apparent as Zhelatin, one of the names given to the malware used to infect computers with the Storm botnet trojan, was ranked the second most intercepted email virus of 2007.

Phishing: The number of phishing attacks rose to 1 in 156 emails across 2007, compared to 1 in 274.2 emails in 2006. Phishing attacks have widened their targets from defrauding major international banks and financial organizations to also targeting smaller, national and state banks, including credit unions.

The annual MessageLabs Intelligence Report provides greater detail on all the trends and figures noted above, as well as more detailed trends for 2007. The full report is available at

MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. Securing more than 2.5 billion email connections and 1 billion web requests each day, MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world. To view live statistics on email security threats around the world please visit

About MessageLabs

MessageLabs is a leading provider of integrated messaging and web security services, with over 16,000 clients ranging from small business to the Fortune 500 located in more than 86 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.

These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit

Contact Information