MessageLabs Intelligence 2007 Annual Security Report: A Year of Storms, Spam and Socializing With the Enemy

MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced the launch of its MessageLabs Intelligence 2007 Security Report. The annual report highlights how 2007 has been a year of diversity due to the vast number of new tactics, techniques and trojans entering the security market during the last twelve months.

Spam retains the title of "dominant menace" with annual spam levels reaching 84.6 percent but rather than just playing the volume game, the spammers also introduced an additional ten percent of new and previously unknown spam attacks than in 2006. The notorious Storm botnet which appeared on the threat landscape early in 2007 is likely to take some credit for the increased innovation, especially through its distribution of 15 million emails with MP3 attachments, new to the market in October.

"2007 will be a memorable year for the security industry for many reasons. With consumers handing cyber criminals their personal details through social networking sites and the Storm botnet literally taking the market by storm, it has been an attention-grabbing twelve months," said Mark Sunner, Chief Security Analyst, MessageLabs. "Although targeted attacks seem to be high on the threat agenda, the war between businesses and the bad guys significantly heightened in 2007 as new threats appeared from every angle and on every communications channel. If 2008 is as frenzied as this year, businesses need to prepare for battle and ensure they have their protection in place."

As the year progressed, so did the variety in file attachments being used as well as the transition to using malicious links, which are able to travel under the radar of signature-based anti-virus technology provoke less suspicion for the email recipients. At the beginning of the year, only three percent of email-borne viruses contained malicious links; however, by December, 25 percent of emails had a vicious link. The trend towards malicious links demonstrates how virus writers are becoming increasingly sophisticated in the malware they create in order to avoid detection and increase their chances of penetrating a vulnerable system.

Socializing with the enemy

2007 also saw the emergence of threats targeting the fast growing and vulnerable area of social networking. Web sites such as Facebook, Linked-In and Plaxo present rich-pickings to cyber criminals looking to gather personal information for use in identity theft or targeted attacks. During 2007, several significant waves of targeted attacks appeared, primarily with C-level and senior executives being the recipients of such attention. Levels rose from one attack per day in 2006 to more than 1,100 over a 16-hour period during September 2007. The most recent wave occurred in November when the first sector-specific attack took place with almost 1,000 individual attacks aimed at the Financial Sector. MessageLabs clients are becoming increasingly wary of these sites, with the category which social networking tools fall under being the third most commonly triggered policy-based filtering rule on MessageLabs Web Security Services.

"The rapid adoption rate of social networking sites such as Facebook has inevitably been exploited by cyber criminals intent on adding the content in these sites to their portfolio of tools," Sunner said. "As we have seen in the past, mass adoption of new communication or web-based tools is often followed by a rise in the number of threats against it, and the 'Facebook' effect will present new challenges to corporate and personal online security."

The rise in targeted attacks was also matched by an increase in the number of phishing attacks, which shadowed the number of virus attacks at two separate points during the year, January and June. In addition, when measured as a proportion of all malware attacks, phishing attacks now account for 66 percent of all attacks, a steep increase when compared with the average of 24.8 percent in 2006.

Top Trends in 2007

Web Security: In 2007, MessageLabs identified an average of 1,253 new web sites per day harboring malware, which equates to almost half a million new malicious web sites appearing throughout the year.

Spam: In 2007, the annual average spam rate was 84.6 percent, a slight decline on the 2006 figure statistic of 86.2 percent although the proportion of spam that is new and previously unknown has increased by ten percent. Text, images, ZIP, RAR, XLS, RTF, PDF and MP3 spam were all seen in file attachments during the year.

Viruses: The average virus level for 2007 was 1 in 117.7 emails (0.8 percent), which reflects a fall of 0.6 percent since 2006, where levels averaged at 1 in 67.9 emails. Unlike the plateauing spam levels throughout 2007, virus levels rose and fell throughout the year with September levels reaching the highest ratio experienced in 18 months with 1 in 48 emails containing a virus or trojan. The impact of the Storm botnet was apparent as Zhelatin, one of the names given to the malware used to infect computers with the Storm botnet trojan, was ranked the second most intercepted email virus of 2007.