Increase in generic polymorphic malware activity: report

CIOL Bureau

BANGALORE, INDIA: Symantec Corp. today announced the publication of its July 2011 Symantec Intelligence Report, now combining the best research and analysis from the MessageLabs Intelligence Report and the Symantec State of Spam and Phishing Report.


This month’s analysis reveals a significant increase in activity related to what may be described as an aggressive and rapidly changing form of generic polymorphic malware. With one in 280.9 emails identified as malicious in July, the rise accounted for 23.7 percent of all email-borne malware intercepted in July, more than double the same figure six months ago, indicating a much more aggressive strategy on the part of the cyber criminals.

Spam: In July 2011, the global ratio of spam in email traffic rose to 77.8 percent (one in 1.29 emails), an increase of 4.9 percentage points compared with June 2011. Saudi Arabia remained the most spammed geography, with a spam rate of 85.6 percent; Russia remained the second most-spammed.

Phishing: In July, phishing email activity increased by 0.01 percentage points since June 2011; one in 319.3 emails (0.313 percent) comprised some form of phishing attack. Phishing attacks in the UK increased, and the UK overtook South Africa to become the most targeted geography for phishing emails in July, with one in 127.9 emails identified as phishing attacks.

E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 280.9 emails (0.333 percent) in July, an increase of 0.01 percentage points since June 2011. Email-borne malware attacks rose in South Africa as the country became the geography with the highest ratio of malicious emails in July, overtaking the UK, as one in 125.2 emails was identified as malicious in July.

Web-based Malware Threats: In July, Symantec Intelligence identified an average of 6,797 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 25.5 percent since June 2011.

Endpoint Threats: The most frequently blocked malware for the last month was W32.Ramnit!html. This is a generic detection for .HTML files infected by W32.Ramnit, a worm that spreads through removable drives and by infecting executable files. The worm spreads by encrypting and then appending itself to files with .DLL, .EXE and .HTM extensions. Variants of the Ramnit worm accounted for 17.3 percent of all malicious software blocked by endpoint protection technology in July.