MARSHAL8e6 TRACELABS REPORT FINDS PHARMACEUTICAL SPAM NOW MAKES UP 75 PERCENT OF ALL SPAM IN 2009

Published 13th July 2009

Bi-Annual Report Details Malware Distribution Tactics Used
by Cyber Criminals

Orange, Calif. and Basingstoke, UK – July 13, 2009 – Marshal8e6, a global provider of Secure Web Gateway and email security products for more than 20,000 businesses worldwide, today released its bi-annual TRACElabs report detailing the latest spam and exploit levels. From January to June 2009, Marshal8e6 TRACElabs observed a staggering 60 percent increase in spam volumes, with spam now representing a full 90 percent of all inbound email.

Despite the successful shutdowns of the McColo and 3FN hosting servers in recent months, spam volumes have continued to steadily rise. Marshal8e6 TRACElabs has found that even as authorities and the security community improve their tactics against fighting cyber criminals, spammers have evolved to keep up and continue distributing malware to make money. The top findings of the report include:

• Rustock botnet – Has emerged as the dominant force in spam output in 2009 and is responsible for more than 40 percent of all spam sent so far this year.
• Pharmaceutical spam – Now makes up 75 percent of all spam, proving that cyber criminals effectively exploit the online availability of discounted drugs.
• Twitter scares – Cyber criminals continue to leverage social media sites like Facebook, YouTube and now Twitter to spread links leading to malware-infected Web sites and spam.
• “Scareware” applications – Fake anti-virus or ‘scareware’ campaigns have risen to a level never seen before; once installed on a system, scareware tricks users into thinking that their computers are infected and prompts them to purchase ‘full software,’ leaving their credit card information vulnerable.
• Image spam – Spammers are bringing back this tried and tested tactic, where text is incorporated into an attached graphic; image spam spiked to 10 percent of all spam.

“While legal entities and the security community have made strides in combating hosting servers that support malicious botnets, we’ve seen a number of new tactics from the spammers themselves taking hold in the first half of 2009,” said Bradley Anstis, director of technology strategy at Marshal8e6. “The rise of the Rustock botnet feeds the growth of blended threats. Rustock typically uses HTML templates from legitimate newsletters and inserts, or blends in, its own images and URL links. This helps give Rustock spam the appearance of professional, legitimate email which tricks recipients into clicking on the links or buying the advertised products.”

In addition to the rise in spam volumes, Marshal8e6 TRACElabs has observed a wave of legitimate Web sites being compromised by hackers and serving up spam to unsuspecting visitors. According to the report, roughly 70 percent of the Web sites hosting malicious content today are legitimate Web sites that have been hacked. This increases the risk for all users on the Web, and underscores the need both for employee education and effective security solutions to maintain the integrity of corporate networks.

“Web browsers are categorically one of the most dangerous applications on a user’s computer,” Anstis continued. “All it takes is a simple click on a link in a fake email or Facebook message to have your credentials stolen and your network compromised. It’s essential that users know what to look out for as they browse the Web and that their networks are protected by security technologies at the Web gateway that monitor for suspicious content.”

To read the full bi-annual TRACElabs report and learn more about the most critical threats facing Web and email users today, please visit: http://www.marshal8e6.com/documents/pdfs/trace/Marshal8e6_TRACE_Report_July_2009.pdf