The threat landscape
MessageLabs secures 2.5 billion e-mail connections and 1.5 billion Web requests every day. This gives us valuable insight into the dangers lurking on the Internet. Overall, spam levels have remained stable, but high, for the last year. In March 2009 alone, 75.7 per cent of all the e-mails we scanned globally contained spam. This increase may correlate with new botnets emerging in greenfield Internet sites such as India and China.
The overall number of e-mail-borne viruses fell slightly in 2007 to 1 in 117.7 e-mails but increased to 1 in 143.8 in 2008 as new outbreaks occurred. The low average virus rate of 0.7 per cent contrasts strongly with India's rate of 1.09 per cent in our latest data. Although it is not conclusive, our experience suggests that a high virus rate leads to more infections and in turn a growth in botnets and outbound spam.
There are some worrying trends that show that Internet criminals are upping their game. Firstly, they are increasingly sending links to malicious websites that install malware rather than including malware in the e-mail itself. Some botnets also hide the true location of spam, malware and phishing sites behind rapidly changing addresses of Web proxies for each domain. This technique accounted for the increase of botnets from 20 per cent to 25 per cent by mid-2008. In addition, the botnets that they create are much more resilient. It is increasingly difficult to detect, disrupt or remove them.
These moves make it harder for conventional defences to protect computers. They also make it more important than ever to block these attacks before they reach the user. An ounce of prevention is worth a pound of cure.
The shadow economy and targeted attacks
Online criminal activity is worth billions. There is a sophisticated shadow economy online with tens of thousands of participants where technical experts collaborate with criminal gangs to make money. There are specialist malware writers, botnet owners, identity thieves, spammers and a shady network of middlemen and market makers. It has all the attributes of the real-world economy: division of labour, price competition, marketing, even guarantees.
Just as large corporations are eager to open up new markets in the developing world, so do online criminals see a burgeoning and relatively unprotected pool of Internet users as a huge opportunity.
Another sign of growing sophistication in the shadow economy is the continuous improvement in product quality. Malware writers work hard to test their products against anti-virus software. They offer guarantees that a given virus or trojan will not be detected using conventional anti-virus programs. If vendors update their software, then the malware author will supply a new version. Unfortunately for them, they cannot buy a copy of MessageLabs or other managed security services so they cannot guarantee against these services.