The undisputed top threat of the period, however, is the Peed trojan, variants of which account for more than 30% of all threats detected. Trojans are apparently all the rage, with a generic behavior-based trojan signature coming in second place. This means that many different pieces of malware that behaved like trojans were detected and blocked proactively, before being assigned names and specific signatures. These proactive detections make up another 21.4% of total detections.
Another notable threat in the top ten, at number 7, is the Win32.Sality.M virus, the only "true" virus to make it into the top ten. It is a highly dangerous polymorphic virus which has been spread using another virus, the Bagle mass mailer, as one of its vectors. Interestingly enough, Bagle itself has not made it into the top ten.
Rank  Name                              %
1     Trojan.Peed.Gen                   27.19
2     BehavesLike:Trojan.Downloader     21.4
3     Win32.Netsky.P@mm                 5.62
4     Trojan.Peed.A                     2.37
5     Win32.NetSky.D@mm                 1.87
6     Win32.Nyxem.E@mm                  1.86
7     Win32.Sality.M                    1.85
8     GenPack:Trojan.Downloader.Tibs.I  1.33
9     Trojan.Peed.P                     1.3
10    Win32.Netsky.AA@mm                1.22
-     OTHERS                            34
On the antispam front, the BitDefender team has produced a statistic of the most common types of image spam messages, which seems to indicate that penny stock pump-and-dump scammers choose image spam as their medium of choice, with Viagra® peddlers a distant second:
stock - 75%
drugs (sex-related) - 8.1%
replica watches - 5%
mortgage - 4%
phishing - 2%
porn - 2%
diploma - 1%
meds (weight-loss related) - 0.9%
travelling - 0.5%
software - 0.5%
others - 1%
On the other hand, drug pushers seem to prefer text, even overwhelmingly so (56.2% of all text spam is drug-related), while replica watch deals hold third place in both types of spam.
drugs (sex-related) - 42.5%
drugs (weight-loss related) - 13.8%
replica watches - 9.1%
mortgage - 7.4%
phishing - 4.2%
electronics - 3.8%
traveling - 3.6%
stock - 3.6%
software - 2.5%
diploma - 2.1%
grant - 1.5%
dating - 0.5%
others - 3%
New types of spam have emerged in 2007, most notably hosted-image spam, which doesn’t contain an image, just a link to a website which hosts it, as well as spam with attachments other than images (such as PDF).
In terms of anti-antispam measures, the latest trends are the use of malformed mail boundaries (which makes it hard to unpack e-mails for inspection) and the use of malformed HTML code in an attempt to confuse parsers. Contrariwise, Bayes poisoning and word obfuscation seem to be used less and less.
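A defensive check for the malformed-boundary trend described above, as an added example that is not BitDefender's code: it uses Python's standard email parser and the RFC 2046 boundary syntax to flag multipart messages that a filter could not fully unpack. The page does not say which malformations were observed, so the sample messages and the `InvalidBoundarySyntax` label are constructed for illustration.

```python
import email
import re

# RFC 2046 section 5.1.1: a boundary is 1-70 characters from a restricted
# set and must not end with a space.
_BCHARS = r"0-9A-Za-z'()+_,\-./:=?"
_VALID_BOUNDARY = re.compile(rf"[{_BCHARS} ]{{0,69}}[{_BCHARS}]")


def boundary_anomalies(raw: str) -> list[str]:
    """List structural findings for every multipart container in a raw message."""
    findings = []
    for part in email.message_from_string(raw).walk():
        if part.get_content_maintype() != "multipart":
            continue
        boundary = part.get_boundary()
        if boundary is not None and not _VALID_BOUNDARY.fullmatch(boundary):
            findings.append("InvalidBoundarySyntax")  # label chosen for this example
        # The stdlib parser records what it could not unpack instead of raising.
        findings.extend(type(defect).__name__ for defect in part.defects)
    return findings


def _message(declared: str, body: str) -> str:
    """Build a constructed sample message (not real traffic)."""
    headers = f'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="{declared}"\n\n'
    return headers + body


_PART = "Content-Type: text/plain\n\nhello\n"
SAMPLES = {
    "well_formed": _message("b1", f"--b1\n{_PART}--b1--\n"),
    "no_close": _message("b1", f"--b1\n{_PART}"),            # closing delimiter missing
    "mismatched": _message("b1", f"--b2\n{_PART}--b2--\n"),  # declared boundary never used
    "bad_syntax": _message("b{1}", f"--b{{1}}\n{_PART}--b{{1}}--\n"),  # illegal characters
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {boundary_anomalies(raw) or 'clean'}")
```

A filter can treat any non-empty result as a signal in its own right, since a message whose parts cannot be enumerated has not actually been inspected.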
"The most worrying new trend is that the age of the 'spam run' seems to be drawing to an end. Spammers e-mail fewer targets at a time, while introducing small variations in every e-mail sent, in hopes to avoid timely detection," head of BitDefender antispam lab Vlad Valceanu declared. "We’ll be seeing more of that in the next semester, as well as more use of attachments, possibly even embedded Flash," he concluded.