IronPort Report on Spam, Viruses and Malware, Highlights Trends of 2007 and Predictions for 2008

Market Wire, December, 2007

IronPort Systems, a Cisco business unit and a leading provider of enterprise spam, virus and spyware protection, today announced the availability of its 2008 Internet Security Trends Report. The IronPort report highlights the key security trends of today and suggests ways to defend against the sophisticated new generation of Internet threats certain to arise in the future.

Amateur Hour is Over

"2007 marks a turning point. Just when malware design seemed to have reached a plateau, new attack techniques have burst forth, some so complex -- and obviously not the work of novices -- they could have only been designed by means of sophisticated research and development," said Tom Gillis, Vice President of Marketing for IronPort. "For a time, security controls designed to manage malware were working. But, as a result of this success, the threats they protected against were forced to change. In 2007, many of these threats underwent significant adaptation. Malware went stealth, and its sophistication increased.

Information is the New World Currency

Spam, virus and malware attacks are costly. The average user spends 5-10 minutes a day dealing with spam. Clean up cost are estimated at $500 per desktop. Even more costly is data loss. Whether it's a malicious attempt, or an inadvertent mistake, data loss can diminish a company's brand, reduce shareholder value, and damage goodwill and reputation. Electronic communications and data in motion is the most significant data loss vector in the enterprise today. Current firewall and other network security solutions do not include data loss prevention capabilities to secure data in motion. Important controls, such as content scanning, blocking of communications containing sensitive data and encryption, are missing. An estimated 60 million people have had data about themselves exposed over the past 13 months, and there has been an estimated 20 Billion dollars spend in clean-up costs and lost productivity worldwide. As much as 60 percent of corporate data resides on unprotected PC desktops and laptops. In addition, 48 percent of organizations do not have a policy for notifying customers when their private data may be at risk.

Looking Ahead: Social Malware

Modern malware borrows characteristics from the social networking and collaboration sites associated with Web 2.0. Today's malware (like the "Storm" Trojan) is collaborative, adaptive, peer-to-peer and intelligent. It flies under the radar -- living on enterprise or residential PCs for months, or years, without detection. The new variants of Trojans and malware will be increasingly targeted and short lived. This makes them even harder to detect. The old attitude of "what I can't see won't hurt me" is no longer valid. Corporations are under increasing pressure to ensure the integrity of their sensitive information -- be it credit card numbers, corporate earnings information or new product plans. Malware writers are building sophisticated peer-to-peer networks that are designed to harvest this data, and at the same time are harder and harder to detect and stop. IT security teams need to take steps to measure malware traffic in their network and deploy a comprehensive security system that includes advanced techniques such as network based threat detection and network access control.

Additional Findings and Statistics

The overall trends in spam and malware can be characterized by a larger number of more targeted, stealthy and sophisticated attacks. Specific observations include:

--  Spam volume increased 100 percent, to more than 120 billion spam
    messages daily. That's about 20 spam messages per day for every person on
    the planet. IronPort measurements have shown that enterprise users get
    anywhere from 100 to 1,000 spam messages per day.
--  Spam has become less focused on selling product, and more focused on
    growing spam networks. Earlier versions of spam attacks were primarily
    selling some type of product (pharmaceuticals, low interest mortgages,
    etc.). However, today's spam includes an increasing amount of links that
    point to websites distributing malware. This malware is often designed to
    further extend the size and scale of the botnet that originated the spam in
    the first place. During 2007, IronPort's Threat Operations Center measured
    a 253 percent increase in "dirty spam" (spam containing links that pointed
    to known malware sites). This is further evidence of the trend that malware
    writers are using both email and Web technologies blended together to
    propagate threats.
--  Viruses are less visible, but increasing in number. Virus writers have
    evolved from the previous mass distribution attacks, such as "Netsky" and
    "Bagel." In 2007, viruses where much more polymorphic and typically
    associated with the proliferation of very sophisticated botnets, such as
    "Feebs" and "Storm." In one week alone, the IronPort Threat Operation
    Center detected more than six variants of the Feebs virus, each of which
    began spreading exponentially before signatures could be created.
--  The duration of a particular attack technique decreased substantially.
    In previous years, spammers would employ a typical technique, such as the
    use of embedded images, for months. More recent techniques, such as MP3
    spam, lasted only three days. But there are more of these smaller attacks.
    Where as in 2006 image spam was the primary new technique, 2007 saw more
    than 20 different attachment types used in a variety of short-lived attack
    techniques.