The numerous antivirus software reviews published by the computer security companies are great for picking up trends that are being played out across the globe.

And the monthly report from computer security giant Symantec is no exception. This is a comprehensive antivirus software review which looks at, amongst other things, geographical trends and vertical trends.

In terms of geographic trends, the global situation as regards spam, email borne viruses and malicious content are examined.

Notably, the country of Oman has the dubious distinction of being the most spammed in March, with a rate of 87.9%. In the US, the figure was 79.6% and 79.4% in Canada, with the UK not far behind at 79.1%. As regards the country which is the most targeted by email borne malware, this was Luxembourg. Here is was discovered that one on 26.2 emails blocked were deemed to have malicious content attached. In the UK, this figure dropped to one in 98.8 emails and in the US, one in 507.9.

When you look at the vertical trends (and particularly at the sector which are being attacked), further themes become obvious. Currently, the most spammed industry is automotive with a spam rate of 82.3%. In the education sector it was 81%; IT was 79.8%; chemical and pharmaceutical 79.6%; retail 78.8% and 78% for finance.

One might expect a slightly higher figure for finance, given the amount of attacks it receives, but the differences between each sector is minor, confirming that attacks are across the board, and not always aimed at one particular sector.

Guest Article by Neil Camp 

The latest antivirus review from leading computer security company Symantec, which develops and markets the Norton range of products, has headlined its report with the news that global spam has dropped by a third.

The Symantec antivirus review notes that the infamous Rustock botnet has been dismantled, leaving the Bagle botnet to become the most active.

It’s been estimated that prior to its fall, the Rustock botnet was responsible for nearly 30% of the world’s global spam traffic, which equates to around 14 billion spam emails a day.

But although spam levels dropped by a third, other botnet have taken the vacuum created by Rustock, notably Bagle which takes the number one position as top spammer.

Paul Wood at Symantec said:
“It remains to be seen whether the criminals behind Rustock will be able to recover from this coordinated effort against what has become one of the most technically sophisticated botnets in recent years. Rustock has been a significant part of the botnet and malware landscape since January 2006, much longer than many of its contemporaries.”
 
“Botnets have been and remain a destructive resource for cyber criminals and through the years have become the spammers’ air-supply, without which it would be very difficult for them to operate. Botnets are also used for other purposes such as launching distributed denial of service attacks, hosting illegal web site content on infected computers (known as bots), harvesting personal data from them and installing spyware to track the activities of their users.”

The antivirus review also reported that the number of email borne viruses is virtually static at one in 208.9 emails in the month of March. And of those infected emails, nearly 65% of them directed traffic towards malicious websites, a slight decrease on the previous year.

When it comes to phishing, there was a very slight decrease in activity in March, with one in 252.5 emails.

As for websites which might be harbouring malware, the antivirus review stated that around 3,000 websites a day are home for various malware and other unwanted programmes which included spyware and adware, although this was down an encouraging 28% since February.

Guest Article by Neil Camp 

Software antivirus giant Symantec – developer of the Norton brand of products – has issued its January 2011 MessageLabs Intelligence Report.

Symantec, one of the largest software antivirus companies in the world, revealed in its latest monthly report that global spam levels were down, although it still accounts for some 78.6% of all email traffic sent. And that’s the lowest since March 2009 when the rate had dropped to 75.7%.

The drop, says Symantec, was due mainly to three botnets – Lethic, Rustock and Xarvester – stopping operations and disagreement amongst a number of pharmaceutical spam-sending gangs.

A senior analyst at Symantec said:
“The closure of spam affiliate, Spamit, was partially responsible for the disruption to spam output. However, there are likely other factors at work, such as consolidation and restructuring of pharmaceutical spam operations which has led to instability in the market likely to be exploited as a business opportunity by other spam gangs. We expect to see more pharmaceutical spam in 2011 as new pharmaceutical spam brands emerge and botnets compete for their business.”

Botnets are hugely important when it comes to spamming and its reckoned that they were responsible for much of the spam circulating the globe. Indeed Rustock accounted for nearly half of all spam sent and on day alone, might have sent in the region of 44 billion spam emails. This gives it the distinction of being the single largest spam-sending botnet.

The Symantec analyst said about Rustock:
“At various points during Rustock’s history, the botnet has often exhibited irregular spamming patterns by sending huge volumes of spam before going quiet for several weeks at a time. But throughout 2010, its spamming pattern was more regular and it had been active non-stop until December 2010. Our investigation revealed no evidence of Rustock being disrupted in any way either by law enforcement or through other action.”

The bad news is though, that Rustock has resumed spamming – although not at its previous levels – and the Bagle botnet has taken over where the others left off, accounting for 20% of all spam emails; a figure which is growing.

Other parts of the report show that the number of email borne viruses is down as well, with one in 364.8 contained a virus, which equates to 0.274% and compares with the previous figure of 0.3%. And phishing slightly increased, with one in 409.7 emails explaining a get quick rich scheme.

Which goes to show that the need for software antivirus programmes has not at all lessened.

Guest Article by Neil Camp 

Whilst many computer users are rightly obsessed with protecting their systems with the best antivirus programmes they can find, the Virus Bulletin has reported that the latest monthly ‘Patch Tuesday’ from Microsoft contained a whopping 17 alerts.

And these 17 alerts covered 40 separate vulnerabilities which make it a hard job for anyone trying to maintain best antivirus status a tricky job. Only two of these were categorised as ‘critical’, but that does not mean that the others aren’t dangerous enough to wreak havoc in innocent users’ systems. The two critical alerts also included fixes and patches for the Internet Explorer browser; a standard in most rounds of security patches.

So, what is a patch exactly, and how does it benefit users? A security patch is released to fix problems with all aspects of a computer, such as programmes and browsers. It is a nifty piece of software that is a saviour for many users and their concurrent computer problems. These can range from vulnerabilities in a computer or programmes’ security, to improving the usability and effectiveness of a particular programme.

When it comes to even bigger problems, ‘patches’ are given a different name. Large fixes of big problems, or to solve difficult issues, are often called ‘service packs’ or ‘software updates’. This kind of terminology is commonly used by Microsoft and its various Windows services.

A ‘patch’ can, therefore, be a blessing to users as it solves many niggling issues as well as large and debilitating problems. The alerts are therefore an important part of a users responsibility to keep their computer safe and well. Microsoft urges users to apply the patches as soon as they can. It is particularly important in a year beset with problems; Symantec claims that this large batch of patches takes the total for the year over 100, the first time that this has ever happened.

Patches are therefore part of the important fight to keep computers healthy and effective for their users. This particularly large batch of patches highlights the need for up to date and consistent updating of products to provide the best antivirus care to computers.

Guest Article by Neil Camp 

The latest report from Symantec – the developers of Norton, one of the best antivirus software suites available on the market today – is marked by the conclusion that targeted attacks have dramatically increased over the last five years.

The developers of Norton – which many independent testers have labelled one of the best antivirus software products – believe that whereas five years ago there were around two attacks per day in 2005,it reckons there are over 70 attacks per day now.

Targeted attacks are where cybercriminals such as phishers launch a particular attack against an organisation en masse, trying to break down its defences and secure a breach in the computer defences.

In October, the retail sector has been particularly hit and up to 25% of all attacks were targeted in their direction (over 500 separate incidents)..

Spear phishing attacks are the most common form of assault and its believed that one in 1.26 million emails were sent as a targeted attack.

Each month, it is thought that between 200 and 300 individual organisations are targeted. And often it’s the same people within the organisations that are being targeted, but different exploit models are used, varying the attack.

A senior analyst at Symantec, Paul Wood, said:
“While targeted emails by nature are sent in low volumes, they are one of the most damaging types of malicious attacks. We have seen a constant influx of targeted attacks over the past six months with the type of organization targeted changing on a monthly basis and the number of targeted users increasing each month. Although the number of unique attack exploits being deployed has diminished slightly, the number of attacks used by each exploit has increased.”

Mr Wood went onto say that:
“Of the 516 attacks, only six organizations were the intended targets but two of them were mainly targeted one of which was the target of 63 percent of the 516 attacks. The spear phishing attacks, launched in three waves each one week apart, used social engineering techniques to distribute legitimate-looking emails from HR and IT staff of the targeted organization but in actuality contained malicious attachments.”

“Examination of the attacks’ timing and techniques suggests a methodical approach on behalf of the attackers. In the case that the recipient clicked on any of the three malicious attachments, a backdoor Trojan would have been installed onto the computer with the potential for the attacker to gain access to any sensitive personal information or valuable corporate data on the machine.”

The report also highlighted a number of other issues.

As regards spam in October, the amount of spam emails in legitimate emails was one in 1.4 (representing nearly 88%), but a decrease over September by nearly 5%.

Regarding viruses, the number of ‘nasties’ born by emails was one email in 221.9 (some 0.45%). This was again slightly lower compared to September.

As to the where the viruses ‘pointed’, a total of 15.5% linked to malicious websites, a significant increase of nearly 16% over September.

Endpoint threats (those which are directed as such devices as PCs, laptops and servers), it was revealed that the Trojan most blocked during October was the Sality.AE virus. This infects executable files and tries to download malicious files from the internet into people’s systems.

Phishing slowed slightly in October according to the Symantec report, with one in 488 emails an attack email (a very slightly reduction from September).

In terms of geography, the report provides some chilling statistics, including the slightly odd fact that the tiny state of Luxembourg was the most spammed in October, recording a spam rate of 94.9%. Mind you, the US, Canada and the UK were not far behind, recording spam levels of 91.6%, 91.3% and 91.1% respectively.

The UK had the dubious distinction of having more emails containing malware than anyone else, with one in 127.1 emails being sent with nasty attachments.

As regards individual sectors, the most spammed industry was automobile (93.5%), with education the next highest at 92.1%.

And the sector most targeted with email is Government/Public with an embarrassing one in 43.2 emails containing malware. Compare that with the IT sector which saw one in 224.4 emails.

It looks like Symantec, which produces one of the best antivirus software tools that individual users and companies can use, certainly has its work cut out.

Guest Article by Neil Camp