Nearly A Third of All Malicious Domains Blocked in May Were New: MessageLabs Report
thewhir.com
May 26, 2010
MessageLabs Intelligence identified an average of 1,770 websites each day harboring malware and other potentially unwanted programs, including spyware and adware, this month, marking a 5.6 percent increase over last month, according to Symantec.
Symantec released its monthly report Wednesday, which further revealed that 32.1 percent of all malicious domains blocked by Skeptic Web Security Version 2.0 were new in May, a decrease of 1.5 percentage points compared with April. Of all web-based malware blocked, however, 12.4 percent were new in May, a 1.5 percent increase since the previous month.
Also interesting is the fact that spammers are increasingly linking to legitimate domains. According to Symantec's research, nine out of ten spam emails now contain a URL link in the message, and five percent of all domains found in spam URLs belonged to genuine websites this month. Of the most frequently used domain names contained in spam URLs, the top four belong to well-known websites used for social networking, blogging, file sharing and hosting other forms of user-generated content.
"Domains belonging to well-known web sites tend to be recycled and used continuously compared with 'disposable' domains which are used for a short period of time and never seen again," MessageLabs Intelligence senior analyst Paul Wood said in a statement. "Perhaps this is because there is some work involved in acquiring them: the legitimate domains require CAPTCHAs to be solved to create the large numbers of accounts that are then used by spammers."
The Rustock botnet uses the greatest number of disposable domains, followed by Cutwail and Grum. Storm, which has recently returned to the spamming scene, on the other hand uses more genuine domains than disposable ones. Sixty-five percent of spam from the Storm botnet uses a legitimate domain, many of which are for URL shortening services.
Disposable domains are often used soon after they are first registered; on average, 50 percent are used within nine days, before spammers switch to newer domains.
Also in May, MessageLabs intercepted a malware attack featuring the theme of World Cup soccer. Composed in Portuguese and featuring the branding of one of the event sponsors, the email was sent from an IP address in Macau, China.
"Once downloaded and activated, the malware produces files that generate pop-up messages and in the background collects information on what other machines are on the same network, enabling the attacker further access to the compromised computer," Wood said.
As the World Cup begins next month, soccer-themed campaigns will probably become more common.