Symantec released it's MessageLabs Intelligence 2010 Annual Security Report on December 7th, 2010. As I read through the information they provided I pondered what I have seenover the last year. I am the Security Administrator for a small ISP in the midwest. We have had a very busy year and it seems like we are always trying to cleanup a mess that one of our customers has made. From virus infected computers to buggy website design we have seen some pretty interesting events take place. Some of the botnet activity that the report discusses did indeed originate from our customers infected machines. I struggle everyday with exactly how to get a handle on the problem. Each and every time I get abuse reports indicating that one of our customers has a computer/mail server sending out spam, I use it as an opportunity to educate the customer. Many of the customers that I talked to were not using anti-virus or they had anti-virus but didn't realize that it has to berenewed every year. Many of the customers were using programs that are prone to opening up a big old hole on their computer inviting the bad guys to come on in. Looking at the information provided in the report we see that Symantec estimates the total number of botnets worldwide is between 3.5 and 5.4 million. According to their findings Rustock still dominates the botnet world and is responsible for some 44 billion spam emails a day. Grum and Cutwail are in second and third place and are believed to be responsible for a large amount of the malware infections that have taken place over the last year.
The report provides some statistical observations for 2010.
Top Trends in 2010
Web Security: For 2010, the average number of new malicious websites blocked each day rose to 3,066 compared to 2,465 for 2009, an increase of 24.3 percent. MessageLabs Intelligence identified malicious web threats on 42,926 distinct domains, the majority of which were compromised legitimate domains.
Spam: In 2010 the annual average global spam rate was 89.1 percent, an increase of 1.4 percent on the 2009. In August, the global spam rate peaked at 92.2 percent when the proportion of spam sent from botnets rose to 95 percent as a new variant of the Rustock botnet was seeded and quickly put to use.
Viruses: In 2010, the average rate for malware contained in email traffic was 1 in 284.2 emails (0.352 percent) almost unchanged when compared with 1 in 286.4 (0.349%) for 2009. In 2010, over 115.6 million emails were blocked by Skeptic representing an increase of 58.1 percent compared with 2009. There were 339.673 different malware strains identified in the malicious emails blocked. This represents more than a hundred fold increase over 2009 and is due to growth in polymorphic malware variants.
Phishing: In 2010, the average ratio of email traffic blocked as phishing attacks was 1 in 444.5 (0.23 percent), compared with 1 in 325.2 (0.31 percent) in 2009. Approximately 95.1 billion phishing emails were projected to be in circulation in 2010.
The report says It is predicted that in 2011 botnet controllers will resort to employing steganography techniques to control their computers. This means hiding their commands in plain view perhaps within images or music files distributed through file sharing or social networking web sites. This approach will allow criminals to surreptitiously issue instructions to their botnets without relying on an ISP to host their infrastructure thus minimizing the chances of discovery.
What are you planning on doing in 2011 to minimize the impact on your network and to prevent your computers from being the victim? What do you anticipate your biggest threat to be for 2011?
Deb Hale Long Lines, LLC
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.