Mid Year Report: Malware, Spam and Web Threats 2008
Mark Harris, Director of SophosLabs

Agenda
  Malware – The size and shape of the problem
  Spam – China and beyond
  Phishing – Socializing
  Web – The threat to your reputation
  Not just a Microsoft problem
  Summary

Malware – The Size and Shape
  Up to 20,000 samples per day!
  Automation and proactive detection is key
  June 2008
    158 updates
    781 identities
    60% were Trojans
    10% Behavioral Genotype

Malware – Return of the Virus
  Complex viruses becoming more common
    Infects files
    Harder to remove
    Continuously developed
  Sality
    First seen in 2003
    Kuku = 'Hide and seek'
    Currently on version '5.04 (Exp)'

Shift in Delivery
  Only 1 in 2500 emails have malware attachments
    Down from 1 in 332 in same 2007 period
  Shifted to 'links in email'
  Long tail of 'Old' malware
  PushDo – new malware, old technique

Spam – China and Beyond
  96.5% of email is spam
  New spam web page every 20 seconds
  Moving to Chinese domains
    Harder to get information
    Easier to register
  Backscatter
    Non-delivery reports of spam
  Do you click on spam?
    1 in every 530 page requests were to spam URLs

Pump and Dump Done?
  Volumes have dropped from 30+% of all spam to less than 1%
  Very few stock symbols being 'spamvertised'
  Market slowdown?
  SEC crackdown?
  Moving to "short selling"
    "Amazon having troubles"

Phishing – Socializing
  Not just financial
    Banks
    Tax payers
    Auction
    Payment sites
  Also Social
    Facebook

Social Targets
  Social networking sites increasingly targeted
    Spam
    Scam
    Adware

Spear Phishing
  Very targeted activity
  Use Facebook, LinkedIn, etc. to identify targets
  University of Waterloo
  Oak Ridge National Lab
  University of Minnesota
  Can also be used to target malware
    Subpoena CEO = Install keylogger
  Remember
    Phishing works on all platforms!

Web – The Threat to Your Reputation
  16,173 new malicious web pages a day!
    One every 5 seconds
  1 in 2000 page requests were to malicious sites
  Over 90% are hacked sites
  Major brands affected
    Euro 2008 soccer tournament
    UK broadcaster ITV
    Cambridge University Press
    Lawn Tennis Association
    Trend Micro
    Sony PlayStation

SQL Injection Attacks
  Mal/BadSrc – 29% of infections in June '08
  Simple attack method
    Search for vulnerable servers
    Target attack
    Inserts iframe snippets into every page
  Variety of payloads
    Including 'scareware'
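
Added example (not from the Sophos deck): a site owner's check for the symptom named on the SQL injection slide, the same foreign iframe turning up across many pages. It also flags script tags with an off-site src, which goes beyond the slide's wording; the allowlist, host names and sample pages are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: hosts this site legitimately embeds content from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class FrameAudit(HTMLParser):
    """Records iframe/script tags whose src points at a host off the allowlist."""
    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed
        self.findings = []  # list of (host, looks_hidden)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        if not host or host.lower() in self.allowed:
            return
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append((host.lower(), hidden))

def audit_pages(pages, allowed=ALLOWED_HOSTS):
    """pages maps path -> HTML. Returns {foreign_host: {"pages", "hidden"}}."""
    report = {}
    for path, html in pages.items():
        parser = FrameAudit(allowed)
        parser.feed(html)
        parser.close()
        for host, hidden in parser.findings:
            entry = report.setdefault(host, {"pages": set(), "hidden": False})
            entry["pages"].add(path)
            entry["hidden"] = entry["hidden"] or hidden
    return {h: {"pages": sorted(e["pages"]), "hidden": e["hidden"]}
            for h, e in report.items()}

# Constructed sample: two pages carry the same injected frame, one is clean.
SAMPLE_PAGES = {
    "/index.html": '<h1>Home</h1><script src="/js/site.js"></script>'
                   '<iframe src="http://injected.invalid/x" width="0" height="0"></iframe>',
    "/news.html": '<p>News</p><iframe src="https://cdn.example.com/player"></iframe>'
                  '<iframe src="http://injected.invalid/x" width=0 height=0></iframe>',
    "/about.html": "<p>About</p>",
}

if __name__ == "__main__":
    for host, info in audit_pages(SAMPLE_PAGES).items():
        print(host, info)
```

A host that is off the allowlist, hidden, and present on more than one page is the pattern to investigate first; the same check can be run over text columns exported from the database behind the site.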

Not Just a Microsoft Problem
  Nearly 60% compromised web sites running Apache
  Growing market share of Mac makes malware worthwhile
    Poisoned ads – scareware
    Mac Trojans

What about Mobile?
  Malware – Very Low Threat
    No single platform, but …
    iPhone update was Trojanized
  Spam
    Txt message spam. Limited in the West, but …
    353.8 Billion 'spam' messages in China
    438,668 complaints
    Many are simply advertising – 36%
    Also fraudulent – 39%

What About Linux? Not Just Web Servers
  70% of attacks on Linux honeypot, infected with a 6 year old virus
  Linux servers used as command and control for botnets
  Rst-B analysis shows global problem
    Thousands of compromised servers

SophosLabs™ Knows Threats Better Than Anyone
  SophosLabs global network of experts
Sophos Security and Control Solutions

Summary
  Malware growth continues
    Proactive detection is critical
  Financial motivation for most threats including spam
    Spam still makes money!
  Web represents biggest threat
    To users, and your corporate reputation
  Don't forget other platforms
    Mac increasingly targeted
    Linux could be your 'typhoid Mary'

Staying ahead of the curve
  Get the latest breaking news about new malware, spam, security threats, and arrests straight to your desktop at www.sophos.com/feeds
  Get daily updates from SophosLabs Blog, which provides insight into the most interesting and widespread threats www.sophos.com/blog

Thank you
  US and Canada: 1-866-866-2802
  UK and Worldwide: +44 1235 55 9933