SOURCE: MessageLabs, now part of Symantec

MessageLabs, now part of Symantec

April 28, 2009 08:00 ET

Symantec Announces April 2009 MessageLabs Intelligence Report

Spammers Become Image Conscious With Levels Reaching 19 Month High and G20 Summit Becomes Targeted Trojan Topic

CUPERTINO, CA--(Marketwire - April 28, 2009) - Symantec Corp. (NASDAQ: SYMC) today announced the publication of its April 2009 MessageLabs Intelligence Report. The analysis highlights that spam has increased almost ten percent in one month, reaching heights of 85.3 percent, levels not experienced since September 2007. Also in April, the high profile G20 summit was the subject for a rise in targeted malware attacks. In addition, the number of malicious websites intercepted per day continued to increase significantly, taking the average number of intercepted each day to 3,561.

"Image spam was a phenomena that peaked in 2007, and now we see spammers recycling their techniques in the hope of repeating history," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. "Unfortunately for the spammers, the good guys are ready for the next bout of image spam and the cyber criminals have had to significantly revamp their tactics in order to put up a good fight."

Previously image spam involved emails containing attachments, such as .gif or .jpg that contained the spam content. However, today these images are now being hosted on trustworthy hosting sites, whilst taking advantage of redirection links from reputable sites in order to obfuscate the true location of the image hosting. This is a technique employed by spammers to evade spam filters that examine the domains of the hyperlinks contained in the email, in order to make a judgment about the nature of that domain and the likelihood that it is a spam message.

Other techniques used to evade detection include containing some standard email text, such as unsubscribe opt-outs and privacy links, designed to make the overall appearance seem legitimate and compliant with legislation such as CAN-SPAM in the US. Including randomized words within the content of the message in order to evade spam fingerprinting techniques and the use of HTML style tags to hide random text are other frequently used tactics.

The G20 summit was the subject of intense global media attention and also the subject for a rise in targeted malware attacks over the last two months, peaking in early April. On average in 2008 the number of such attacks was approximately 53 per day, rising to around 60 per day in Q1 2009. In the run-up to the G20 summit held in London on April 2, and the days following, the number rose to approximately 100 per day.

The recipients of these attacks included financial organizations, including individuals from some of the central banks involved with the G20. The email included a PDF attachment, which if opened would cause a Trojan downloader to be installed and executed. This would then download further spyware components onto the target computer. It was noted that some attacks were crafted as replies to actual non-malicious emails, indicating that at least one of the recipients had already been infected.

"The economic crisis is front of mind for many people, cyber criminals included," said Wood. "With recession-related spam and phishing attacks already appearing this year, it was just a matter of time before other fraudsters got in on the act. Consumers need to increase their online vigilance in such testing times."

Finally, the number of malicious websites continues to rise with April statistics highlighting an increase of 27.3 percent, with 3,561 new malicious websites stopped on average each day. This is due to a series of threats including drive-by Trojan malware, Trojans hidden inside PDF files, malware disguised as .gif's but in fact being executable files, and malicious IFRAME HTML tags. The latter is often as a result of the web server being compromised by a SQL injection attack, a technique favoured when targeting otherwise legitimate, bona fide domains. Other culprits also include software disguised as legitimate-looking apps, including rogue anti-malware software.

Other report highlights:

Web security: Analysis of web security activity shows that 63.3 percent of all web-based malware intercepted was new in April. MessageLabs Intelligence also identified an average of 3,561 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 27.3 percent since March.

Spam: In April 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 85.3 percent (1 in 1.17 emails), an increase of 9.6 percent since March.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 304.9 emails (0.28 percent), a decrease of 0.08 percent since March. In April, 13.3 percent of email-borne malware contained links to malicious sites, a decrease of 6.9 percent since March.

Phishing: One in 404.7 emails (0.25 percent) comprised some form of phishing attack, a decrease of 0.10 percent in the proportion of phishing attacks compared with March. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 9.2 percent to 89.7 percent of all email-borne malware threats intercepted in April.

Geographical Trends:

--  Spam levels in the UK rose by 25.6 percent in April to 94 percent,
    positioning it as the most spammed country.
--  Spam levels in the US rose to 79.4 percent, 77.4 percent in Canada and
    89.9 percent in Hong Kong. Germany's spam rate reached 83.3 percent and
    78.0 percent in the Netherlands. Spam levels in Australia were 87.8
    percent, 90.3 percent in China and 86.4 percent in Japan.
--  Virus activity in Germany rose by 0.07 percent to 1 in 164.8 emails,
    placing it in the top position for viruses in April.
--  Virus levels for the US were 1 in 512.1, 1 in 269.0 for Canada and 1
    in 908.8 for Australia. Virus levels for the UK were 1 in 229.3, 1 in 370.8
    in Hong Kong and in Japan they reached 1 in 1,883.2.

Vertical Trends:

--  In April, the most spammed industry sector with a spam rate of 82.9
    percent was the Retail sector.
--  Spam levels reached 81.1 percent for the Education sector, and 77.3
    percent for the Chemical & Pharmaceutical sector; 76.1 percent for Public
    Sector and 78.2 percent for Finance.
--  Virus activity in the Education sector fell by 0.19 percent but it
    still stayed at the top of the table with 1 in 118.1 emails being infected.
--  Virus levels for the IT Services sector were 1 in 367.3, 1 in 506.1
    for Retail and 1 in 446.9 for Finance.

The April 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at

Symantec's MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Contact Information


Keyword Cloud

View Website