Plenty More Phishes in the Sea
If you thought last month was phishing season, well, you better think again as August has seen the highest level of phishing emails so far this year.
Although we did see a virus outbreak at the end of the month, the increase was nothing compared to the influx of phishing scams over the month.
Viruses overall have been on the decline over the last few months, and phishing is the new trend. The financial gain acquired from phishing scams may be a reason why Vx’ers are changing to Phishermen.
The chart below illustrates the percentage for Ham, Spam, Viruses and Phishing for August.
The volume of Spam our filters receive has increased by nearly 2% whilst Ham has decreased by 4% compared to the previous month. Even with the occurrence of a particularly nasty virus outbreak, the percentage of viruses overall is still consistent with July.
On the other hand, the volume of Phishing attacks has increased significantly this month - with the number of phishing sites detected growing by over 2%, which represents a total increase of 3% from the value two months ago. Great Britain is coming in third this month, with US second and Korea in first place.

Below, we have the daily breakdown for ham, spam, viruses and phishing.

World of Spam
The volume per geographical location for spam, viruses and phishing emails for August can be seen below.

The US is still top of the scale, and has increased by 2% compared to last month. Significantly, China has decreased by 10% from the previous month. Although a few countries have changed places, we still see the same countries in the top ten as last month.
Is Bling your Style?
This month we have seen a lot of bounce backs to Spam emails. These bounce backs originate mainly from the US, which is also our top spamming country, and often contain messages advertising watches.
| Position | Country | Percentage |
|---|---|---|
| 1 | US | 51.38% |
| 2 | FR | 15.69% |
| 3 | GB | 11.38% |
| 4 | JP | 6.15% |
| 5 | FI | 4.00% |
The marketing style for these watches is ultra modern and extremely classy. Pick from the range of watches below that best suits you:
1. Bling-Watches most classy and glamorous watches we have available. If looking Bling is your style, then these are watches will suit you best.
2. Patek Philippe Womens Watches, Stainless Steel Gray Dial with Diamond Rim
3. IWC Watches, Exported Ultra-Modern Trendy Elite Hi-Fashion Watches
4. Tag Heuer Watches, Blue Dial with Blue Leather Band with Serial number/model number engraved on back
5. 900 Genuine Exact Watches, Rolex, Breitling, Cartier, IWC and etc.
These emails are coming from 2 sites mainly, both created on August 3rd. The contact name is not given as it is a private registration through AIT domains. The two sites, revignonsale.com and veridatreplik.com, now appear to be down (as of Sept 6th).
Viruses: New Contender
The three main families dominating the Virus Top Ten are Somefool, Bagle and Mytob variants. Somefool is usually at the top of the list, so the most interesting virus this month is Mytob.NK. This virus is only in 8th place, even though a significant outbreak occurred at the end of August.
| Position | Virus | Percentage |
|---|---|---|
| 1 | Worm.SomeFool.Gen-2 | 39.49% |
| 2 | Worm.SomeFool.Gen-1 | 14.44% |
| 3 | Worm.SomeFool.P | 13.13% |
| 4 | Worm.Mytob.LQ | 10.15% |
| 5 | Worm.SomeFool.Z | 5.42% |
| 6 | Exploit.HTML.IFrame | 4.95% |
| 7 | Worm.Bagle.pwd-eml | 4.60% |
| 8 | Worm.Mytob.NK | 3.78% |
| 9 | Worm.VB-9 | 2.34% |
| 10 | Worm.Mydoom.M | 1.68% |
The Mytob.NK virus is exploiting a vulnerability in Windows' LSASS (Local Security Authority Subsystem Service) which could allow remote code execution on an infected machine. A week after the initial outbreak, this virus was scanned by VirusTotal.
The results below show that this virus is still not being detected by over half of anti-virus vendors.
An article on AV-Vendors, published in May this year, reflects the same conclusions we have today. We would have hoped this situation had changed by now - AV-Vendors have still not improved.
Watch out for this virus in the coming months as we believe it will continue spreading rapidly. A third contender is entering the battle of the viruses.

Over 97% of the Mytob.NK Viruses originated from the US, with a mere 3% coming from Korea.

Phishing: Popular Recreation in Korea
The phishing outbreak at the end of July fell off around the first day of August, but another quickly started up on the 9th, and has continued since, reaching an all time high for 2006.

The seasonal phishes this month are Bank of Scotland and Fifth Third Bank. Last month, there was an outbreak of phishes targeting users of the Bank of Scotland, and this month the trend has continued. Looking at the chart below, Phishes targeting users of the Bank of Scotland have increased by approximately 14% since August.
This blitz started on August 16th and continued for 2 weeks, and within this period the Phishermen sent enough emails to chart themselves in top place for the month. As well, these phishes originate from Korea, which now moves up a place to the top of the chart.
The major increase you can see from the 27th was phishes targeting users of the Bank of Scotland, also known as Phishing.Bank-66, which totalled over 56% of all phishes for that day. For some examples of this phish, you can take a look at the Internet Defence Phishery.

Phishes targeting NatWest were in first place last month, but barely reach over the percent mark this month.
In August, Korea is at the top with 31.49% of all Phishes, and the US is closely behind with 30.73%.


