Symantec Intelligence reports that spammers have set up public URL shortening services to better conceal their spam sites and make them harder to block. Its current report highlights this particular group of spammers who operates at least 80 URL shortening sites using a similar naming pattern, and used the .info top-level domain. They even made their URL shortening sites public for anyone who need to shorten a URL. Spammers are taking advantage of the convenience and familiarity of shortened URLs made popular by social networking services which people trust and have grown accustomed.
Given the popularity of the Android operating system on mobile devices and smartphones, malware perpetrators are turning their attention to these devices at an noticeable rate and they have every intention to monetize the malware exploits.
Premium rate billing is one simple technique used by them to skim some money. In an infected Android smartphone, the Android malware performs some useful or entertaining function, but secretly sends SMS short codes that bill the owner of the smartphone.
Other malicious applications operate by corrupting search engine results to drive traffic to malicious Web sites, either to encourage download of more malware or to generate income based on pay-per-view or pay-per-click advertising.
Symantec Intelligence also highlighted the existence of Duqu, a Trojan which appears to have its roots in Stuxnet as they both share similarities in their source codes. Duqu's purpose is to gather intelligence data and assets from entities, such as suppliers to industrial facilities, in order to more easily conduct a future attack against another third party.
In October 2011, the globl ratio of spam in email traffic declined slightly to 74.2% (1 in 1.35 emails), a decrease of 0.6 percentage points when compared with last month's statistics. Our local spam rate stands at 72.2% while in the US, 73.8% of email was spam and 73.2% in Canada. The spam level in the UK was 74.8 percent.
In October, 20.1% of email-borne malware contained links to malicious Web sites, an increase of 3.6 percentage points since September 2011. Emails that contained generic polymorphic malware variants accounted for 45.1% of all email-borne malware in October, compared with 72% in September; many included attached ZIP files that contained the generic malware.
The UK climbed to the top of the table with the highest ratio of malicious emails in October, with one in 146.4 emails identified as malicious. Hong Kong was second with with one in 180.3 emails identified as malicious. One in 272.4 emails in Singapore contained malware.
In October, phishing email activity diminished by 0.07 percentage points since September 2011; one in 343.1 emails (0.29%) comprised some form of phishing attack.
The UK became the country most targeted geography for phishing in October, with one in 178.3 emails identified as phishing. South Africa was the second most targeted country, with one in 203.8 emails identified as phishing attacks. For Singapore, one in 500.1 emails is identified as a phishing attack.
The Education sector overtook the Automotive industry to become the most spammed industry sector in October, with a spam rate of 76.4%. The spam rate for small businesses was 73.9%, compared with 74.1% for large enterprises. The Public Sector remained the most targeted industry in October with one in 62.0 emails being blocked as malicious.
The October 2011 Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available here.