M86 Security today released it’s bi-annual security report for the first half of 2010, highlighting the evolution of obfuscation through combined attacks. From the report: “This threat trend is the latest to emerge as cybercriminals seek new ways to limit the effectiveness of many proactive security controls. Because existing techniques for ‘covering their tracks’ are becoming less effective, cybercriminals have begun using combined attacks, which are more complex and difficult to detect. By splitting the malicious code between Adobe ActionScript language—built into Adobe flash—and JavaScript components on the webpage, they limit the effectiveness of many of the the proactive security detection mechanisms in place today.”

Malicious Spam Percentage (Jan-Jun, 2010) – Through the first half of 2010 malicious spam has hovered around 1% of total spam, although at times it has spiked to over 3%. The Pushdo botnet, and to a lesser extent Asprox, have been behind much of this activity.
Source: M86 Security Lab ReportThe report says spam remains a major issue both for bandwidth as well as a malware vector. Key findings include:

• Of the 15 most exploited vulnerabilities observed, four involved Adobe Reader and five were for Internet Explorer.

• Most exploits were first reported more than a year ago and have been addressed by the software vendors, highlighting the need to keep software updated with the latest versions and patches.

• Advanced Persistent Threat attacks made headlines after being used against commercial organizations such as Google and Adobe.

• More Java-based vulnerabilities have been actively exploited, reflecting the exploits’ high “success rate” for attackers.

• Mass Website infections continue to be a huge problem, as attackers use botnet malware, such as Asprox, to carry out automated mass attacks.

• Anti-detection techniques proliferated as cybercriminals aim to stay under the radar as long as possible.

• Email is still a major attack vector, with botnets spamming out both malicious attachments, and blended threat campaigns that drive users to infected Websites.

• Total spam output remains extremely high, as the major spamming botnet operations continue to operate largely unimpeded. Just five botnets are responsible for 75% of all spam.

• Spam promoting pharmaceuticals constitutes 80% of all spam, reflecting the attractiveness of major spam affiliate programs such as Canadian Pharmacy.

• Spammers are using more diverse tactics, including malicious PDF attachments and HTML attachments that load malicious code.

• The controversy over Facebook privacy underscores the need to review privacy on these networks, as they are areas ripe for abuse.

Related Links:
M86 Security Labs
Latest M86 Security Labs Report Details New Ways Cybercriminals Are Thwarting Security