Facebook coming under increasing attack from phishers, notes Kaspersky Lab

By Kaspersky Lab

Kaspersky Lab, a leading developer of secure content management solutions, announces the publication of its monthly report on spam activity for July 2010, as well as the top malware detected in August 2010.


Throughout July, the share of spam messages in mail traffic averaged 82.9%. Links to phishing sites were found in 0.03% of all email traffic. The most popular social network site, Facebook, took over eBay's 2nd place ranking in the list of organisations most often attacked by phishers. Facebook accounted for 12.81% of phishing messages, more than three times as much as in the previous month. The e-commerce business PayPal remained in first place after being targeted by over half (53.48%) of all phishing attacks.


The USA and India maintained their leading positions as the most popular sources of spam. These countries distributed 1.5 times as much spam compared to June 2010 (17.2% and 9% respectively). Europe caused the most noticeable change in July's rating with the UK, Germany and Italy all making it into the Top 10. The total volume of spam originating from their combined territories increased by 50 percentage points compared with the previous month. Two newcomers to the top twenty were high-tech Hong Kong (17th place with 1.8%) and Taiwan (19th place with 1.3% of spam).


In terms of malware detected, Kaspersky Lab found that in August there was a significant increase in exploits of the CVE-2010-2568 vulnerability. Worm.Win32.Stuxnet, which notoriously surfaced in late July 2010, targets this vulnerability, as does the Trojan-Dropper program which installs the latest variant of the Sality virus – Virus.Win32.Sality.ag. Unsurprisingly, black hats lost no time in taking advantage of this latest vulnerability in the most commonly used version of Windows. However, on 2 August 2010, Microsoft released MS10-046 which provides a patch for the vulnerability. This update was rated 'Critical', meaning it should be installed as soon as possible on all computers running the vulnerable operating system.


In terms of the top 20 malicious programs detected, Kido (aka Conficker) remains in first, third and fourth place, while the file infectors Virus.Win32.Virut.ce (eighth place) and Virus.Win32.Sality.aa (second place) have also held on to their positions. Trojan.JS.Agent.bhr (fifth place) and Exploit.JS.Agent.bab (sixth place) have also maintained their positions, merely swapping places.


The July 2010 rankings mentioned a new vulnerability in Windows LNK shortcuts, which was later dubbed CVE-2010-2568. As expected, cybercriminals started actively exploiting this vulnerability - the August 2010 rankings include three pieces of malware which are linked to CVE-2010-2568 in one way or another. Two of these directly exploit the vulnerability while the third uses it to propagate. It generates vulnerable LNK shortcuts with names designed to attract attention and spreads these across local networks. The malware is launched when a user opens a folder containing one of these shortcuts. Furthermore, three more exploits in the rankings target vulnerabilities in software using a Java engine.


The full versions of the spam report for July 2010, as well as the August 2010 Monthly Malware Statistics are available at www.securelist.com