
Mid Year Report: Malware, Spam and Web Threats 2008


Mark Harris
Director of SophosLabs
Agenda
Malware – The size and shape of the problem
Spam – China and beyond
Phishing – Socializing
Web – The threat to your reputation
Not just a Microsoft problem
Summary

Malware – The Size and Shape
Up to 20,000 samples per day!
Automation and proactive detection is key
June 2008
158 updates
781 identities
60% were Trojans
10% Behavioral Genotype

Malware – Return of the Virus
Complex viruses becoming more common
Infects files
Harder to remove
Continuously developed
Sality
First seen in 2003
Kuku = 'Hide and seek'
Currently on version '5.04 (Exp)'

Shift in Delivery
Only 1 in 2500 emails have malware attachments
Down from 1 in 332 in same 2007 period
Shifted to 'links in email'
Long tail of 'Old' malware
PushDo – new malware, old technique

Spam – China and Beyond
96.5% of email is spam
New spam web page every 20 seconds
Moving to Chinese domains
Harder to get information
Easier to register
Backscatter
Non-delivery reports of spam

Do you click on spam?


1 in every 530 page requests were to spam URLs

Pump and Dump Done?

Volumes have dropped from 30+ % of all spam to less than 1%


Very few stock symbols being 'spamvertised'
Market slowdown? SEC crackdown?
Moving to “short selling”
“Amazon having troubles”

Phishing - Socializing
Not just financial
Banks
Tax payers
Auction
Payment sites
Also Social
Facebook

Social Targets
Social networking sites increasingly targeted
Spam
Scam
Adware

Spear Phishing
Very targeted activity
Use Facebook, LinkedIn, etc. to identify targets
University of Waterloo
Oak Ridge National Lab
University of Minnesota
Can also be used to target malware
Subpoena CEO = Install keylogger

Remember: phishing works on all platforms!

Web – The Threat to Your Reputation
16,173 new malicious web pages a day!
One every 5 seconds
1 in 2000 page requests were to malicious sites
Over 90% are hacked sites

Major brands affected


Euro 2008 soccer tournament
UK broadcaster ITV
Cambridge University Press
Lawn Tennis Association
Trend Micro
Sony PlayStation

SQL Injection Attacks
Mal/BadSrc – 29% of infections in June '08
Simple attack method
Search for vulnerable servers
Target attack
Inserts iframe snippets into every page
Variety of payloads
Including 'scareware'

Not Just a Microsoft Problem
Nearly 60% compromised web sites running Apache
Growing market share of Mac makes malware worthwhile
Poisoned ads – scareware
Mac Trojans

What about Mobile?
Malware – Very Low Threat
No single platform, but ….
iPhone update was Trojanized
Spam
Txt message spam.
Limited in the West, but ….
353.8 Billion 'spam' messages in China
438,668 complaints
Many are simply advertising – 36%
Also fraudulent – 39%

What About Linux?
Not Just Web Servers
70% of attacks on Linux honeypot, infected with a 6 year old virus
Linux servers used as command and control for botnets
Rst-B analysis shows global problem
Thousands of compromised servers

SophosLabs™ Knows Threats Better Than Anyone
SophosLabs global network of experts

Sophos Security and Control Solutions

Summary
Malware growth continues
Proactive detection is critical

Financial motivation for most threats including spam


Spam still makes money!

Web represents biggest threat


To users, and your corporate reputation

Don't forget other platforms


Mac increasingly targeted
Linux could be your 'typhoid Mary'

Staying ahead of the curve

Get the latest breaking news about new malware, spam, security threats, and arrests straight to your desktop at
www.sophos.com/feeds

Get daily updates from SophosLabs™ Blog, which provides insight into the most interesting and widespread threats
www.sophos.com/blog

Thank you
US and Canada:
1-866-866-2802
NASales@sophos.com

UK and Worldwide:
+ 44 1235 55 9933
Sales@sophos.com

