Similar to targeted attacks, global phishing has increased slightly and Web-based malware threats are up 47.8 percent since Oct. 2011 and WS.Trojan.H² was the number one culprit. The public sector remained the most targeted by phishing in November, with one in 120.9 emails comprising a phishing attack.

The company’s November report found that the overall amount of daily targeted attacks has increased four-fold since January this year, averaging 94 blocked attacks each day of November.

“In November, one in 255 emails was malicious, but approximately one in 8,300 of those were highly targeted,” said Paul Wood, Symantec senior intelligence analyst for cloud. “This means that highly targeted attacks, which may be the precursor to an APT (advanced persistent threats), account for approximately one in every two million emails, still a rare incident rate.” 

Zoom out, and this equates to at least one attack per day that is blocked in the U.S. The report indicated that 389 users are targeted daily versus the single attack every nine days that Japan has to defend itself against. 

While the public sector took the number one spot, industries such as the chemical and pharmaceutical industry came close behind with 18.6 targeted attacks blocked each day. The manufacturing sector took spot three with 13.6 attacks per day. 

Wood indicates that most attacks are unsuccessful until attackers, “are able to understand our interests or hobbies,” after which, “they are often able to construct more believable and convincing attacks against us.” 

Oppositely, the global spam rate hit an all time low in three years, said the report. Email threats also decreased ever so slightly with a global ratio of one in 255.8 emails.

Photo: Paul Wood, Symantec

Symantec recently released the results of its October intelligence report. The report found that spammers have established a genuine URL shortening service that is publicly available and will generate real shortened links. This was all found in spam emails.

About 92 percent of the spam emails contained the URLs and the use of the shortened links make it difficult to block the messages based on fingerprinting the URL. In total, 80 URL shortening sites have been operating and using a similar naming pattern.

“It is possible that spammers are setting up their own URL shortening sites since legitimate URL shortening sites, which have long suffered with abuse, have slightly improved their detection of spam and other malicious URLs,” said Paul Wood, senior intelligence analyst at Symantec.

“It’s not fully clear why the sites are public. Perhaps this is simply due to laziness on the spammers’ part, or perhaps an attempt to make the site seem more legitimate,” he added.

The report also highlighted the trend of a decease in malicious activity as compared to the year before. The ratio of spam in email traffic decreased 0.6 percentage points while phishing email activity diminished by 0.07 percent.

Email-borne viruses in email traffic decreased 0.11 percent and web-based malware threats decreased 4.3 percent.

For the fifth consecutive year, McAfee researched popular culture’s most famous people revealing the riskiest celebrities on the Web. The McAfee Most Dangerous Celebrities study found movie stars and models to be more dangerous while singers and sports stars are among the safest. Heidi Klum replaced Cameron Diaz as most dangerous celebrity to search for on the web.

According to McAfee, cybercriminals will frequently use names of popular celebrities in order to lure users to sites interlaced with malicious software. Searching for the latest Heidi Klum pictures and downloads has a nine percent change of landing on a website containing spyware, spam, phishing, adware, viruses and other malware.

“While slightly safer than last year, searching for top celebrities continues to generate risky results,” said Paula Greve, director of Web security research at McAfee. “Consumers should be particularly aware of malicious content hiding in ‘tiny’ places like shortened URLs that can spread virally in social networking sites, or through e-mails and text messages from friends.”

The study makes use of McAfee SiteAdvisor software that provides ratings indicating which sites are risky to search for celebrity names on the Web and calculate an overall risk percentage. Other celebrities making the top ten include Piers Morgan, Jessica Biel and Katherine Heigl.

The report combines results from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. 

According to Symantec, the turbulent market drives “pump-and-dump” stock scams. Spammers cause an artificial rise in stock price and sell their shares. Ending the campaign reduces interest in stock and drives stock back to original low price.

“Scammers can make substantial profits in a matter of days with a well-executed pump-and-dump spam. In the current turbulent environment many people may be convinced to invest in stocks that the scammers claim will benefit from the market turbulence,” said Paul Wood, senior intelligence analyst, Symantec.cloud.

Additional analysis revealed that there were as many new boot time malware threats in the first seven months of 2011 as there were in the previous three years.  

“MBR infections offer great scope for deep infection and control of computers, which makes the idea attractive to malware creators. Contemporary MBR infection methods are a fairly complex affair usually executed by highly skilled individuals,” Wood said

In August 2011, the global ratio of spam in email traffic declined to 75.9 percent. However, phishing activity increased in August. Many increases are coming from attacks related to major brand names related to Apple’s iDisk as well as a variety of Brazilian companies and services, including financial brand names and social networking.

According to a report by Ohio’s WBNS-10TV, FBI Supervisory Special Agent Robert White said criminals are always finding new ways to exploit victims and businesses, which keeps the U.S. at risk. He explained the average web user is the most vulnerable.

“Given our connection to the Internet, and our infrastructure and everything being computerized, it also lends itself to possible cyber terrorism,” White said. 

One of the newest and most popular modes of attack is “spear phishing,” which has experienced a recent uptick due to its low cost and efficiency. This type of attack comes in the form of an email containing a malicious code that infects a user’s computer once clicked.

“Let’s say that I know you are interested in the new park downtown, so I might send you a phishing email saying (to) check out these pictures of the new park and one of these has a malicious code so you’ll click on it and now you are infected,” White told WBNS-10TV.

To protect against this vicious malware, White recommended users store their data in an encrypted form, separate accounts on the system, install antivirus, antispyware and firewall protection and turn the computer off when not in use.

According to Invincea Founder and CEO Anup Ghosh, those behind spear phishing attacks range from Nigerian scammers, adware affiliate marketers, to organized crime and foreign governments.

Image: Maksim Pasko

Reports of losses from cyber crimes gathered from surveys are greatly exaggerated and often based on unverified, self-reported numbers and skewed results, according to two Microsoft researchers.

In the “Sex, Lies and Cybercrime Surveys” report, Dinei Florencio and Cormac Herley say much of the information on cyber-crime losses comes from surveys, which often overlook the uneven distribution of cyber-crime victims among the populace, and rely on unverified self-reported numbers.

For example, a single individual who claims $50,000 losses, in an N = 1000 person survey, is all it takes to generate a $10 billion loss over the population, the researchers said. Similarly, one unverified claim of $7,500 in phishing losses translates into $1.5 billion, the researchers noted.

Another problem is that cyber-crime value estimates are often inconsistent. As example, the researchers cite the Federal Trade Commission, which in 2004 estimated identity theft at $47 billion, $15.6 billion in 2006, and $54 billion in 2008.

“Either there was a precipitous drop on 2006, or all of the estimates are extremely noisy,” the researchers said.

When surveying cyber-crime estimates, the researchers recommend having a representative sample, without too great of concentration, an adequate upper-tail sampling, and that outliers get checked for error or fabrication.

Image: Christopher Dodge

Germans are increasingly afraid of falling prey to cyber criminals, with 85 percent fearing hackers will steal their credit card data or get online access to their bank accounts, Reuters reports.

A survey by German tech industry association Bitkom said the number of Internet users over the age of 14 fearing such an attack has grown to 85 percent this year compared with 75 percent in 2010.

Bitkom said part of the problem is that 20 percent of consumers fail to use any sort of cybersecurity.

Last year, cyber crime incidents in Germany increased by 19 percent; phishing attacks on online bank data nearly doubled, with the average damage reaching nearly 4,000 euros ($5,797), data from the federal police showed.

Germany earlier this month opened the doors to a cybersecurity center, which will work to protect the country’s infrastructure from what its Interior Minister Hans-Peter Friedrich said was a growing menace posed by hackers.

Thirty-seven percent of respondents said their websites had phishing or spoof sites planted on their web servers two or more times before, a number that reflects the persistence of phishers and the difficulties of fighting them, APWG said.

The most frequently attacked operating system among survey respondents was Linux OS, with 76 percent. Attack victims reported they used Apache as their web server in 81 percent of the responses, MySQL as their database application in 81 percent of the responses, and PHP/Java as their application platform in 82 percent of responses.

Only 7 percent of victims reported the compromised website was used for e-merchant purposes. Seventeen percent said  customer data were stored on the compromised hosts, while only 4 percent cited theft of customer data.

Eighty-four percent of the victims reported attackers uploaded phishing or spoof web pages and scripts onto sites for use during their phishing attempt. Additionally, 24 percent of victims said attackers installed malicious software on their sites.

Detecting the compromises, only one in five victims said the attacks were discovered by their own staff; 52 percent were informed of the attack by third-party security companies.

Secretary of State Hillary Clinton said the United States was notified Wednesday about the compromise and is looking into the allegations, which Clinton called “very serious,” Bloomberg reported.

These tweets are being posted by users at the rate of several hundred tweets per second, Websense said. Instead of directing users to a real CNN story, the tweets lead to a phishing page.

Examples of the fake tweets include:

omgg osama is alive!!! cnn confirmed that he’s still out there (

I cant BELIEVE osama is still alive – CNN confirmed he around stillll :O

OMG CNN confirmed that they found Osama alive still ! ! !

Users who end up on the phishing page and type in their information are then taken to a YouTube video related to the topic of the scam, a CNN video discussing the news “‘Osama is alive’ say protestors,” Websense said.