xisto Community
Saint_Michael

White Paper: Security Threat Report: 2008


I saw this white paper and I thought I'd bring down some interesting information that has come from 2007 and leading into 2008. I have to say though that the information in this white paper is pretty darn mind-blowing as I bounce some facts to everyone. Of course, since I've been getting into this since last year, it is not all that surprising, since I posted many topics about it as well.

 

-Sophos currently sees 6,000 new infected webpages each day

-One infected page every 14 seconds

-Only about 1 in 5 of these sites is a hacker site

-83 percent are hacked sites, or legitimate websites that have been compromised by an unauthorized third party.

-Biggest form of Malware is Mal/Iframe

--Has hit over 10,000 legitimate websites from Italy alone

-Hosting of Malware comes From China (51.4%), USA (23.4%), and Russia (9.6%)

-Servers that have been affected the most

 

--Apache at 48.7%

--IIS 6 40.6%

--nginx 3.4%

--GFE 3.9%

--Other 3.4%

 

Of course, not surprisingly, most of the malware written has come from China, but interestingly enough it would seem Brazil is a big malware-writing country as well, even though a few articles are saying Russia is the king of malware producers.

 

EMAIL THREATS

-2005 1 in 44

-2006 1 in 337

-2007 1 in 909

 

As you will notice with that number, you actually see a decline in threats via email in the last 3 years, and yet billions of emails are being sent out daily, but people are becoming more aware of the threats that come from these unknown emails. Although the attachments are declining, the links to bad websites are on the rise, and that is where people are becoming victims, because they would trust the website, but in fact they are booby traps. Of course, there was an article out saying that malware designers have been Google bombing for the last few months, trying to spike the rankings of infected websites when people search on Google.

 

Worm of 2007

 

If some of you remember my topics on the Storm Worm way, way back, it would seem that the Storm Worm has been the most destructive worm of that year.

 

TIMELINE of the Storm Worm

Early January 2007: Starting as "Happy New Year" malware which spread malicious greetings via email attachments, the hackers changed their tack in January, using news-related events to encourage recipients to click on what claimed to be video content. One of these disguises, which had subject lines such as "230 dead as storm batters Europe", gave the worm its popular name of Storm.

 

Late January 2007: The Storm worm turned to love in a major new attack as St Valentine's Day approached, and in the run-up to US Independence Day on 4th of July the malware gang aggressively took advantage of the celebrations with another malicious ecard campaign. On this occasion, the email contained a web link to compromised zombie computers hosting a Trojan horse.

August 2007: Storm used a wave of malicious emails which posed as links to YouTube videos, and then posed as links to music videos of popstars like Beyoncé, Rihanna and The Eagles. If infected, hackers could use victims' computers to steal personal information, spam out malware and junk email, or launch distributed denial-of-service attacks against innocent parties.

 

September 2007: The Storm worm took advantage of the NFL Kickoff weekend and spammed out an email campaign with links to a hacked website, which would drop malicious code onto insufficiently protected computers.

November 2007: The hackers tried to scare email users into believing their telephone conversations were being recorded, but the ruse was designed to get people to buy bogus security software. In reality, however, the attached MP3 file was a malicious executable program that installed further malware onto the victim's computer which it downloaded from a dangerous website. Amongst these was a piece of scareware which displayed a fake Windows Security Center alert and tried to convince the victim to purchase bogus security software.

 

December 2007: The criminal hackers behind the Storm malware showed no signs of letting up and continued their offensive attacks, sending emails claiming to point to websites offering pictures of a stripping Mrs Claus and Happy New Year messages.

 

The main goal of the creators of the Storm Worm was to use topical news stories, electronic greeting cards, videos and fear tactics to get people to infect their computers with this worm, and if I remember my numbers correctly it was well over 20,000 computers that got infected with this worm. Sadly though, I don't think they have found a way to break this worm yet and officially defend against it, since the Storm Worm keeps on changing as the months go by.

 

Rootkits have made a big comeback as well last year, but of course the big one is always detection evasion, in which designers code their stuff to hide its presence from security suites. However, as it goes with producing the stuff, finding malware, spyware, and viruses has made huge improvements as well; the following list shows the success rate of detection by security companies:

 

Sophos 86%

Kaspersky 69%

Trend Micro 68%

F-Secure 67%

Symantec 66%

McAfee 55%

Microsoft 48%

ClamAV 42%


So as you can tell, the big names are able to detect more as their software has improved over the years.

 

Spam Facts

-95% of email is spam

- Top 12 producers of spam are:

United States 22.5%

India 2.6%

Italy 2.7%

Spain 2.7%

Turkey 3.1%

Germany 3.5%

France 3.5%

Brazil 3.8%

Russia 4.7%

Poland 4.9%

China (incl HK) 6.0%

South Korea 6.5%

Other 33.5%


-Since 2005 the US, South Korea, and China have been the top spam producers in the world, and that has not changed statistically either. Of course, now articles are coming out asking for designers who know several languages to help virus and malware writers design websites in specific languages besides English.

 

- Pump-and-dump spam is the biggest type of spam being sent; you usually see this when you get stock tip emails or the Viagra emails as well.

 

I thought I'd end on that note, and attached here is the full report on the security stuff that has gone on since 2007 and what is expected in 2008. So check out the document and see what the computer underground has been doing since last year, as the report talks about Apple, mobile phones and Wi-Fi devices, social networking (ID theft), securing the business network, state-sponsored cybercrime, and of course big-time arrests of big-time spammers and malware designers.

 

sophos_security_report_08.pdf
