SOURCE: MessageLabs, Inc.

July 01, 2008 06:00 ET

MessageLabs Intelligence June and Second Quarter 2008: Web Threats Peak to Highest Level in One Year

Activity From Storm Continues Decline While Srizbi Heats Up

NEW YORK, NY and LONDON--(Marketwire - July 1, 2008) - MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for June 2008. Analysis highlights that the number of new malicious websites blocked each day has risen by 58 percent in June to its highest level since April 2007. The rise in malicious websites, according to MessageLabs, is linked to a rise in the number of spyware and adware sites being blocked.

"Web-based malware has become a dangerous tool in the arsenal of cybercriminals," said Mark Sunner, Chief Security Analyst, MessageLabs. "The bad guys know that web-borne attacks are unchartered territory for many computer users and are taking advantage of this in addition to vulnerabilities and weak security in web applications. Businesses that allow employee access to any web site and sites with webmail accounts that haven't been scanned by corporate security systems are at particular risk."

June also saw some new and unusual spam topics capitalizing on insults and celebrity mentions in the subject lines to grab attention and drive recipients to action. One spam run, originating from the Storm botnet, used personalized insults like 'what a stupid face you have' to annoy recipients. The message contains a link to the Dogpile search engine that, when clicked, redirects to a compromised site hosting a video.exe file. The search-engine redirect works in much the same way as the abuse of the Google "I Feel Lucky" link earlier this year.

Another spam cluster used celebrity references to entice recipients into clicking on a link that directed to the same compromised domain, with a smattering of licentious headlines including names such as US Senator and Democratic US Presidential candidate Barack Obama. However, in this run, the link displayed a page from the PornTube site, a family of porn sites that specialize in YouTube-like content, requiring recipients to download the same Storm-generated executable file, video.exe. The volume of interceptions accounted for more than 18 percent of all spam during the periods it was sent.

"This is not the first attack of this kind we have seen," Sunner said. "In April, MessageLabs stopped a similar attack spoofing YouTube videos, not mailed out as links but distributed via user-generated content sites like blogs and links posted on comments pages. This is testament to the fact that spammers are using content that historically works, but vary the distribution tactics so as to go relatively unrecognized in their motives."

During Q2, activity from the Storm botnet declined to a quarter of prior volumes, from 20 percent in Q1 to less than 5 percent in Q2, forcing spammers to turn to rival botnets like Srizbi, which is now responsible for around 40 percent of all spam. With emails that used headlines pertaining to the Beijing Olympics and earthquakes in China, the spammers returned to traditional ways of spreading Storm malware via a link to an IP address of an already compromised machine.

Other report highlights:

Web security: Analysis of Web security activity shows 31.4 percent of all web-based malware intercepted was new in June. MessageLabs also identified an average of 2,076 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 58 percent since May.

Spam: In June 2008, the global ratio of spam in email traffic from new and previously unknown bad sources was 76.5 percent (1 in 1.31 emails), a decrease of 0.3 percent since May. Spam levels for Q2 2008 are at their highest since Q1 2007 and 2.3 percent higher than for Q1 2008. Spam levels in Q2 are 1.9 percent higher than for the same period in 2007 and 19.6 percent higher than in 2006.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 133.9 emails (.75 percent), an increase of 0.16 percent since May. 20.2 percent of email-borne malware contained links to malicious sites, an increase of 14.8 percent since May. 88.1 percent of these links were generated by the Storm botnet, an increase of 32.1 percent since May. Virus levels for Q2 2008 are .16 percent lower than for Q1 2008. Compared with Q2 2007, virus levels are now .19 percent lower and .77 percent lower than for Q2 2006.

Phishing: June saw a decrease of 0.02 percent in the proportion of phishing attacks compared with the previous month. One in 277.2 (.36 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had fallen by 25.7 percent to 48.3 percent of all email-borne malware threats intercepted in June. Although the intensity of phishing attacks hasn't changed significantly in June, the types of target organizations have widened to include recruitment agencies and online retailers. Phishing levels for Q2 2008 are now .23 percent less than for Q1 and almost unchanged from the same period in 2007, now only .03 percent less. Compared with Q2 2006, phishing levels are .2 percent higher.

Geographical Trends:

--  In June, Switzerland leapfrogged Hong Kong as the most spammed country
    with levels reaching 84.8 percent of all email. The largest increase in
    spam levels this month was observed in the UAE where it rose by 7.4
--  Spam levels in the US reached 68.8 percent in June, 77.8 percent in
    Canada and 74.3 percent in the UK. Germany's spam rate reached 73.5 percent
    and spam rose to 73.2 percent in the Netherlands. Spam levels in Australia
    were 66.9 percent, 76.6 percent in China and 70.7 percent in Japan.
--  Virus activity rose across almost all countries in June, except for
    Italy and Spain where levels fell by .02 percent and .08 percent
    respectively. The largest increase was observed in the UAE at 1.25 percent.
--  Virus levels for the US were 1 in 253.1 and 1 in 132.3 for Canada.
    Levels reached 1 in 85.6 for the UK; 1 in 155.0 for Germany; 1 in 151.7 for
    Australia and 1 in 265.9 for Japan.

Vertical Trends:

--  Spam levels fluctuated across many industry sectors in June, with
    Manufacturing and Education being the top two verticals for spam activity.
--  The largest increase was noted in the Recreation sector, where spam
    levels rose by 2.3 percent to 77.7 percent.
--  Chemical and Pharmaceutical sector spam levels reached 73.6 percent,
    80.1 percent for Retail, 75.2 percent for Public Sector and 71.5 percent
    for Finance.
--  Similarly, virus levels across most industry sectors increased during
    June, except in Education where virus levels declined by .32 percent, but
    retained the top spot for most vulnerable sector. Virus levels for IT
    Services were 1 in 150.3; 1 in 172.8 for Retail and 1 in 181.5 for Finance.

The June and Q2 2008 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at

MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About MessageLabs

MessageLabs is a leading provider of integrated messaging and web security services, with over 18,000 clients ranging from small business to the Fortune 500 located in more than 86 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.

These services are delivered by MessageLabs' globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit
