Conficker and Facebook / Twitter attacks dominate Q1 email threats

Abhilash Sonwane, vice-president product management at Cyberoam headquartered in Ahmedabad, India, said: “Attackers have confirmed once more that they work on both sides of the equation – user and the platform. They plan on the emotions of users while exploiting loopholes on the platform being used. Used in combination, it is an effective way to propagate malware.”

Top 10 web categories infected with malware:

  • Pornography & sexually explicit
  • Computers & technology
  • Streaming media & downloads
  • Business
  • Search engines and portals
  • Criminal activity
  • Shopping
  • Health & medicine
  • Job search
  • Education

Spammers refined their social engineering techniques, using fear, emotion and security loopholes to perpetrate attacks, and tricked users on Facebook, Myspace and Twitter into divulging personal information, according to Cyberoam.

At the end of 2008, spammers sent wall posts claiming that scandalous pictures of individuals had surfaced on sites such as Facebook, while in Q1 2009, they posted desperate messages from ‘friends’ saying they were in a financial bind. In each case, the posted link took Facebook users to an imposter site that collected usernames and passwords.

Top 10 web categories manipulated by phishing:

  • Health & medicine
  • Web-based email
  • Finance
  • Computers & technology
  • Chat
  • Search engines & portals
  • Social networking
  • Personal sites
  • Download sites
  • Politics

On Twitter, spammers sent users direct messages about blog posts and funny photos related to them. They exploited security loopholes on Twitter such as the use of TinyURLs to fit Twitter’s 140-character limit, which meant users did not know where a link led before clicking, Cyberoam said.

The highlights of the Q1 Email Threat Trend Report from Cyberoam and Commtouch were:

  • The Conficker worm has infected more than 15m computers since it appeared last autumn;

  • Loan spam jumped to the top of the list of spam topics with 28% in Q1;

  • Users of social networking sites fell victim to new, more complex phishing attacks;

  • Computers/technology sites and search engines/portals are among the top 10 web site categories infected with malware and/or manipulated by phishing;

  • Brazil continues to lead in zombie computer activity, producing nearly 14% of zombies for the quarter;

  • Spam levels averaged 72% of all email traffic throughout Q1 and peaked at 96% in early January before bottoming out at 65% in February. Spammers attacked large groups of a single ISP’s users before moving on to the next ISP;

  • An average of 302 000 zombies were activated each day for the purpose of malicious activity.

