IronPort Spam Virus Trends of 2007
December 1, 2007
120 billion spam messages are sent every day worldwide. That's according to IronPort Systems, who have announced the results of its 2008 Internet Security Trends Report.
The IronPort report highlights the key security trends of today and suggests ways to defend against the sophisticated new generation of Internet threats certain to arise in the future.
Amateur Hour is Over - spam is now a $200 billion business
"2007 marks a turning point for threats in the UK. Just when malware design seemed to have reached a plateau, new attack techniques have emerged, some so complex - and obviously not the work of amateurs - they could have only been designed by means of sophisticated research and development," said Jason Steer, European Product Manager, IronPort.
"For a time, security controls designed to manage malware were working. But, as a result of this success, the threats they protected against were forced to change. In 2007, many of these threats underwent significant adaptation. Malware went stealth, and the sophistication increased.
Information is the New World Currency
Spam, virus and malware attacks are costly. The average UK computer user spends 5-10 minutes dealing with spam every day. Clean up cost are estimated at $500 per computer. An estimated 60 million people have had data about themselves exposed over the past 13 months, and there has been an estimated 20 Billion dollars spent in clean-up costs and lost productivity worldwide. In addition, 48 percent of organisations do not have a policy for notifying customers when their private data may be at risk.
Looking Ahead: Social Malware
Modern malware borrows characteristics from the social networking and collaboration sites such as FaceBook and Myspace. The newest threats like the Storm Trojan are collaborative, adaptive, work between two computers and are intelligent. It flies under the radar, living on PCs for months or years without detection. The old attitude of "what I can't see won't hurt me" is no longer valid.
Additional Findings and Statistics
The overall trends in spam and malware can be characterised by a larger number of more targeted, stealthy and sophisticated attacks. Specific observations include:
- Spam volume increased 100 percent, to more than 120 billion spam messages daily. That's about 20 spam messages per day for every person on the planet. IronPort measurements have shown that enterprise users get anywhere from 100 to 1,000 spam messages per day.
- Spam has become less focused on selling product, more focused on growing spam networks. Earlier versions of spam attacks were primarily selling some type of product (pharmaceuticals, low interest mortgages, etc. However, today's spam includes an increasing amount of links that point to web sites distributing malware. This malware is often designed to further extend the size and scale of the bot network that originated the spam in the first place. During 2007, IronPort's Threat Operations Centre measured a 253% increase in "dirty spam" that contained links that pointed to known malware sites. This is further evidence of the trend that malware writers are using both email and web technologies blended together to propagate threats.
- Viruses are less visible, but increasing in number. Virus writers have evolved from the previous mass distribution attacks such as netsky and bagel viruses. In 2007 viruses where much more polymorphic, and typically associated with the proliferation of very sophisticated bot networks such as "feebs" and "storm". In one week alone, the IronPort Threat Operation Centre detected more than 6 variants of the Feebs virus, each of which began spreading exponentially before signatures could be created.
The duration of a particular attack technique decreased substantially. In previous years, spammers would use a typical technique, such as the use of embedded images, for months. More recent techniques such as MP3 spam lasted only 3 days. But there are more of these smaller attacks. Where as in 2006 image spam was the primary new technique, 2007 saw more than 20 different attachment types used in different, short-lived attack techniques.
