Quick Links:
International co-operation vital as malware sources disperse
Hackers are spreading their operational bases further around the world, according to threat analysis from managed security firm, Network Box. During October, malware levels remained high, but threats originating from the ‘traditional’ top sources of malware (the US, China, Korea and Brazil) were all down on last month.
Spam
The level of spam originating from the US has dropped by three per cent in October, making the US now the fifth largest producer of spam. This is a significant decrease from a country that until recently was producing by far the greatest amount of spam. The fastest-rising spam threat now comes from Vietnam, now number two in the spam charts, producing 7.5 per cent of the world’s spam. This is just 0.4 per cent behind Brazil, still at number one.
China and Korea continue to vie for title of third largest source of spam, but both countries have seen a decline in spam levels (China down by two per cent and Korea down by one per cent).
Phishing
Network Box’s analysis of internet threats in October 2009 also clearly shows a drop of eight per cent in phishing attacks globally (from 33.2 per cent in September to 25.2 per cent in October).
Viruses
Brazil, the US and Korea are still dominating the virus charts as the top three sources of viruses, but all three countries have seen a drop of around two per cent month-on-month in virus activity. India continues to be a significant source of viruses, with 3.7 per cent originating from the sub-continent. Italy and Romania have entered the virus charts for the first time, producing 2.16 and 1.75 per cent respectively.
Simon Heron, Internet Security Analyst for Network Box says: “Phishing attacks are down from September’s high levels, but users and IT teams must still be vigilant. We’re seeing fewer malware attacks from the usual top sources, as malware producers spread their operations from traditional hubs such as the US and China. This highlights, once again, the importance of international co-operation in tackling malware.
“People who entrust their personal data to reputable websites need to be aware that even these sites can be hacked (as seen with the recent guardianjobs.co.uk attack) and should ensure that they use strong, frequently changed passwords and that their security software remains up to date with the latest patches.”
Top Ten Viruses
| Threat Name | Daily Average % |
|---|---|
| spam.phish.url | 25.27076 |
| packed.win32.krap.ah | 5.32908 |
| nbh-bgtrack | 4.81830 |
| clm.email.trojan-114 | 4.34829 |
| packed.win32.krap.ad | 3.00120 |
| trojan-downloader.win32.fraudload.wsut | 2.91765 |
| packed.win32.krap.w | 2.34951 |
| trojan.win32.vilsel.ihd | 2.31138 |
| nbh-bscript | 2.26212 |
| trojan-downloader.win32.fraudload.wspk | 1.82944 |
Top Ten Trojans
| Threat Name | Daily Average % |
|---|---|
| clm.email.trojan-114 | 0.12538 |
| trojan-downloader.win32.fraudload.wsut | 0.09471 |
| trojan-downloader.win32.fraudload.wspk | 0.08532 |
| trojan.win32.vilsel.ihd | 0.04454 |
| trojan.win32.vilsel.hrk | 0.03977 |
| trojan.win32.fraudpack.xek | 0.03510 |
| trojan-downloader.win32.fraudload.wsvr | 0.03469 |
| trojan-downloader.win32.fraudload.wuis | 0.03075 |
| trojan-downloader.win32.fraudload.wsti | 0.02828 |
| trojan.win32.vilsel.imq | 0.02213 |
Top Ten Intrusions
| Threat Name | Daily Average % |
|---|---|
| NETBIOS | 25.24807 |
| BOGON | 5.36037 |
| PINGFLOOD | 0.42997 |
| HTTP-S-WEBDAV | 0.05226 |
| HTTP-S-UNIXATTACK | 0.03381 |
| HTTP-S-WEBDEX | 0.02995 |
| HTTP-S-IISATTACK | 0.02865 |
| HTTP-S-NIMDA | 0.02278 |
| SOBIG-F | 0.02074 |
| ICMP | 0.00831 |
Top Ten Sources of Viruses
| Country | Daily Average % |
|---|---|
| Brazil | 14.16771 |
| US | 9.36499 |
| Korea | 4.27218 |
| India | 3.79227 |
| Argentina | 2.57109 |
| Columbia | 2.36788 |
| Italy | 2.16965 |
| China | 2.00121 |
| Romania | 1.75251 |
| Russia | 1.71513 |
Top Ten Sources of Spam
| Country | Daily Average % |
|---|---|
| Brazil | 7.90551 |
| Vietnam | 7.59576 |
| Korea | 5.53660 |
| China | 4.70909 |
| US | 4.51310 |
| India | 4.12785 |
| Poland | 2.54247 |
| Russia | 1.86269 |
| Columbia | 1.74923 |
| Argentina | 1.70800 |
Top Ten Sources of Intrusions
| Country | Daily Average % |
|---|---|
| Korea | 10.76370 |
| US | 10.59513 |
| Hong Kong | 8.16967 |
| Brazil | 5.78221 |
| China | 4.95709 |
| Vietnam | 4.07795 |
| Australia | 3.92023 |
| India | 2.42955 |
| Malaysia | 1.68875 |
| Russia | 1.02181 |
Top Ten Sources of Firewall Blocks
| Country | Daily Average % |
| US | 13.08238 |
| Malaysia | 12.99183 |
| Korea | 11.04428 |
| China | 10.16909 |
| Australia | 5.73187 |
| Hong Kong | 4.11280 |
| UK | 1.95475 |
| Taiwan | 0.96186 |
| Canada | 0.92095 |
| Brazil | 0.91200 |
For more information on security issues, see www.network-box.co.uk, or visit Simon Heron’s blog at: http://blog.network-box.co.uk/, or follow Simon on Twitter: http://www.twitter.com/networkbox.
View Demo
View the Network Box product demonstration
LP+
Thank you for all your support before, during and after the implementation. The level of support and service received was fantastic. The change over to the Network Box filters was smooth and everything went according to plan.
Sandip Mehta, Chief Technical Architect, LP+ Limited
Network Box urges UK government to focus on cybercrime as Britain climbs the virus charts
28th Jul 10
June saw the UK become the fourth largest producer of spam in the world, and it is now also the fourth largest producer of viruses, according to July threat statistics from managed security company, Network Box.
The number one virus producer remains the US, which has increased production by around one per cent (to 14.6 per cent). But India’s slight increase in production (from 9.2 to 9.5 per cent) was enough to move it to number two in the charts and see Korea drop to third place, with a decline in production of more than three per cent.
View all comment and analysis articles
Receive more news from Network Box
Subscribe to RSS Feed