Mail-borne polymorphic malware soars

Approximately 72% of all email-borne malware in September could be characterized as aggressive strains of generic polymorphic malware, says Symantec in its September 2011 Intelligence Report.

First identified in July, at the end of the month this rate was 23.7%. In August it fell slightly to 18.5% before soaring to 72% in September.

Further analysis also reveals that the social engineering behind many of these attacks has also accelerated, with the adoption of a variety of new techniques such as pretending to be an email from a smart printer/scanner being forwarded by a colleague in the same organization.

Although spam levels remained fairly stable during September, Symantec observed the use of identified vulnerabilities in certain older versions of the popular WordPress blogging software on a large number of Web sites across the Internet. Spam emails containing links to these compromised Web sites are also being spammed out. It is important to note that blogs hosted by WordPress themselves seem to be unaffected.

Additional research also reveals that JavaScript is becoming increasing popular as programming language by spammers and malware authors. JavaScript is increasingly used to conceal where spammers are redirecting, and in some cases, also to conceal entire Web pages.

Vertical and geographical trends:

  • Saudi Arabia remained the most spammed geography, with a spam rate of 84.0 percent, followed by Russia
  • South Africa has topped the list of countries targeted with phishing
  • Hungary has climbed to the top of the list of countries targeted with email-borne malware, followed by Switzerland
  • the Automotive industry sector remained as the most spammed industry sector, followed by the Education and Chemical and Pharmaceutical sectors
  • the Public Sector remained the most targeted by phishing activity in September, as well as by malicious emails.

For more details, download the report here.