The February 2011 MessageLabs Intelligence Report indicated that last month has been the most prolific period in terms of simultaneous attacks and malware family integration across Zeus (aka Zbot), Bredolab and SpyEye.

SMEs, who suffer from limited IT and security resources, need to be more vigilant in the use of portable and online assets, particularly email and social networking tools, an infamous vector of infection.

China and India leading victims of spam and viruses

According to a recent survey, around 80 percent of Singapore companies are planning overseas expansion in the next six months, with China being the most preferred destination. For companies looking to expand their operations overseas, they are opening themselves up to a wider variety of IT security threats.

For these Singapore companies (especially SMEs), expansion to other markets like China or India can be a critical move, and one that already requires significant investment. As clearly more spam is flooding China’s in-boxes, the risk to poorly or undefended systems is extremely high as well as the threat of losing critical, confidential information to cybercriminals.

Overall, Asia’s virus rates increased from January to February 2011 and spam rates increased across all tracked countries. China became the most spammed in February with a spam rate of 86.2 percent, making it the most spammed country in Asia and the world, while the automotive sector continued to be the most spammed industry with a spam rate of 84.3 percent.

India was the most targeted country by email-borne malware with 1 in 267.7 emails blocked as malicious in February – an increase from 1 in 647.9 from January. In Malaysia, virus levels were 1 in 396.9. The Government/Public Sector also remained the most targeted industry for malware with 1 in 41.1 emails being blocked as malicious.

Go regional - go Cloud!

Companies looking to expand into China or India know they need security even more, but traditional measures such as on-premise software and on-premise appliances require heavy investments and resource allocation to be most effective.

Cloud security services on the other hand, are simple to set up and administer and generally work with any mail client or server configuration, regardless of geographic location. Moreover, this set up process is significantly faster than packaged software or appliances and once completed, data is routed through secure data centres and analyzed for malware, viruses and spam before reaching their destinations.

With new spam and virus techniques emerging almost daily, companies have to realise that they, in general, neither have the core competency nor the financial power to keep investing personnel, time and money into deploying new countermeasures at such a rapid rate. The situation is more acute amongst small and medium sized businesses.

All is not lost however. Security vendors that have already embraced the cloud have the expertise and resources to devote frontline personnel and massive processing power to fighting emerging threats. Co-opting these cloud security vendors into your security strategy may prove to be the best shot yet. Cloud security potentially enables the latest security policies, processes and patches to come into effect the moment threats arise, protecting its clients in real-time.

Bredolab Trojan takes top spot

There were 40 variants of the Bredolab Trojan, accounting for more than 10% of email-borne malware blocked by MessageLabs Intelligence. Bredolab is one of the more well known botnets, and has infected at least 30 million infected computer systems worldwide since July 2009.

Last year, the Dutch National Crime Squad High Tech Crime Team claimed they had taken down Bredolab by shutting down 143 computer servers. But in November 2010, MessageLabs Intelligence started to report Bredolab emails which all contained a similar subject referring to “DHL International.” They have been using the DHL and UPS Invoice subjects for a long time. These latest findings reveal that contrary to recent beliefs, Bredolab is not dead and similar techniques are being employed by other major malware families.

There has also been an increase in the volume of collaborative attacks that make use of well-timed, carefully crafted and targeted techniques. The Bredolab malware families were used to conduct simultaneous attacks via propagation techniques, signalling the likelihood of a common origin for these infected emails.

PDFs - the new vector of attack

Over the past year, malicious executable files have increased in frequency and PDF files are the most popular file format for malware distribution.

PDFs now account for a larger proportion of document file types used as attack vectors. In 2009, approximately, 52.6 percent of targeted attacks used PDF exploits, compared with 65 percent in 2010, an increase of 12.4 percent. If the trend were to continue as it has over the past year, 76 percent of targeted malware could be used for PDF-based attacks by mid-2011.

Other report highlights from a global perspective

  • Spam: In February 2011, the global ratio of spam in email traffic from new and previously unknown bad sources was 81.3 percent (1 in 1.23 emails), an increase of 2.7 percentage points since January.
  • Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was 1 in 290.1 emails (0.345 percent) in February, an increase of .07 percentage points since January. In February, 63.5 percent of email-borne malware contained links to malicious websites, a decrease of 1.6 percentage points since January.
  • Endpoint Threats: Threats against endpoint devices such as laptops, PCs and servers may penetrate an organization in a number of ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet.
  • Phishing: In February, phishing activity was 1 in 216.7 emails (0.462 percent), an increase of 0.22 percentage points since January.
  • Web security: Analysis of web security activity shows that 38.9 percent of malicious domains blocked in February were new, a decrease of 2.2 percentage points since January. Additionally, 20.3 percent of all web-based malware blocked in February was new, a decrease of 2.2 percentage points since last month. MessageLabs Intelligence also identified an average of 4,098 new web sites per day harbouring malware and other potentially unwanted programs such as spyware and adware, a decrease of 13.7 percent since January.

Source: The February 2011 MessageLabs Intelligence Report

The full report is available at