However, payload virus levels shot up to record-high levels in August. In comparison to August of 2009, we saw a 111% percent increase in volume overall. What is more remarkable, though, is that this August saw the highest registered number of viruses blocked in a single day: 188 million. This virus surge is even more pronounced than last October’s, when Mega-D, a top-ten botnet, infected over 250,000 computers worldwide before being shut down by a carefully orchestrated campaign by security professionals. This recent increase in viral activity could indicate a “gearing up” as spammers attempt to construct botnets in time for the holiday season and increased consumer spending. With the commercialization of spam in 2006, we’ve often seen a correlation between spam, malware campaigns, and seasonal consumer patterns.
The actual content of this virus wave consisted mainly of traditional spoofing of major brands, along with a new tactic involving recycling previously sent emails taken from the hard drives of infected computers. This new method is more difficult to detect as the wording and content is familiar to the recipient. As always, be on the lookout for suspicious email language and exercise extreme caution when clicking on links. Features in Gmail such as
authentication icons can go a long way in protecting your computer, but it’s important to be aware and mindful of these new viral activities when managing your inbox.
An interesting and unusual trend has been in the sizes of the individual viruses being transmitted. Particularly, we’ve seen some irregularly sharp peaks in size throughout September, following the surge in total numbers during August. This could be due in part to increased use of .zip and .html attachments containing malicious JavaScripts. Overall, virus traffic continues to be strong and users need to be on high alert when handling suspicious messages. Postini Services customers are strongly encouraged to enable the Early Detection Filtering functionality in order to ensure maximum protection from zero day virus threats.
Shortened URLs can mask suspicious linksThis quarter we detected an increased volume of emails containing shortened URLs linking to suspicious websites. Spammers are increasingly making use of services that shorten URLs as a way of masking the destination website to the user. With the widespread proliferation of shortened URLs, particularly among blogging sites and social networks, it has become increasingly important to remain vigilant and skeptical when evaluating URLs. A shortened URL sent from a “friend” might seem innocuous enough, but, as always, links and emails sent from unknown senders should be scrutinized before further action is taken.
Beware false financial transaction messages We continue to see false notifications claiming to be sent by various financial authorities. Spammers will frequently send their targets a simple yet authoritative message alerting them of a rejected or unauthorized transaction, then provide a false link directing them to a website. The format of these emails is often simple and innocuous, making it difficult to ascertain the malicious content from a quick glance.
Continued use of NDRsNon-Delivery Report/Receipt (NDR) are legitimate messages used to alert users that a sent email has not been delivered correctly.
Back in July we noticed an upswing in false NDRs bearing malicious JavaScript. As a hybrid between virus and spam messages, these messages were in reality obfuscated JavaScript attacks, directing users to a particular website or initiating an unexpected download. The user is often unaware of the attacks, making these messages particularly dangerous and difficult to detect. However, Google’s vast network and patented filtering technology was able to detect these messages early on and respond quickly. The Postini-Anti-Spam-Engine (PASE) was immediately updated in response and has been protecting users throughout Q3 from the continued use of false NDRs.
Fake celebrity gossip
Although August was a slower month in terms of overall spam volume, we saw a substantial spike in messages claiming to break the news of untimely and sudden deaths of various high-profile celebrities. The messages referenced a zip file that in turn contained a virus. These messages, similar to various classic phishing scams involving “friends” in need, attempt to pique a user’s interest with an alarming subject line and content. This has proven to be a successful tactic – hence its continued popularity – as users will often open an email instinctively in response to a particularly emotional or compelling subject line. In response to these attacks, our engineers have developed and released filters designed to combat new spam waves.
Stay safe with a cloud-based security solutionPostini’s hosted
email security solutions provide comprehensive spam and virus filtering in the cloud – before they reach the network level. Google’s vast network filters billions of messages a day from all over the globe, creating a “network effect” that allows Google to identify emerging threats and respond early.
For more information on how Google Postini Services can help your organization remain safe, compliant, and spam-free, please visit
www.google.com/postini.
Posted by Adrian Soghoian and Adam Hollman, Google Postini Services Team