One of the key developments in 2006 has been the significant increase in spam activity, with levels now reaching 86.2%, the highest experienced since early 2005. Spam volumes have increased by 70% over the last quarter of 2006, pushing up overall email volumes by a third, largely due to the increased sophistication of robot networks, or “botnets”. The latest techniques mean that mass-mailed viruses used to create these botnets are a thing of the past.
The spam figure shows the rate of spam as it reaches the MessageLabs global infrastructure. The first stage of filtering begins when known spam from known bad sources is slowed-down using traffic management controls in place, allowing more bandwidth to be allocated to known good mail and mail from sources that we are unable to make an unequivocal judgement about. Of the mail which is not affected by these traffic management controls, 63.4% is then filtered by Skeptic™ anti-spam. This includes a proportion of mail that is intended for non-existent recipients at businesses, for example from a directory attack against a particular domain.
MessageLabs 2006Be certainMessageLabs Intelligence: 2006 Annual Security ReportA Year of Spamming Dangerously: The Personal Approach to Attacking Untitled Document Table of Contents1 Executive Summary and Overview3 1.1 Key findings4 1.2 Top threats of 20066 1.3 Top sectors under attack in 20069 1.4 Geographical trends in 2006102 Email Security Trends and Developments 200611 2.1 Targeted attacks on businesses accelerates113 Outlook and Predictions for 2007134 Conclusion15 Untitled Document 1 Executive Summary and OverviewThis report summarizes the major security trends and developments for 006, outlining the key issues that have developed over the course of the year and how they have affected the security market. The report also provides insights into the key threats and security issues that are expected to emerge in 007.2006 virus rate1 in 67.92005Avg. 1in 36.2Peak: Apr 041 in 10.42006 spam rate86.2%2006 phishing rate1 in 274.22005Avg. 81.3%Peak: July 0494.5%2005Avg. 1 in 304Peak: Jan 051 in 127One of the key developments in 2006 has been the significant increase in spam activity, with levels now reaching 86.2%, the highest experienced since early 2005. Spam volumes have increased by 70% over the last quarter of 2006, pushing up overall email volumes by a third, largely due to the increased sophistication of robot networks, or botnets . The latest techniques mean that mass-mailed viruses used to create these botnets are a thing of the past. The spam figure shows the rate of spam as it reaches the MessageLabs global infrastructure. The first stage of filtering begins when known spam from known bad sources is slowed-down using traffic management controls in place, allowing more bandwidth to be allocated to known good mail and mail from sources that we are unable to make an unequivocal judgement about. Of the mail which is not affected by these traffic management controls, 63.4% is then filtered by Skeptic" anti-spam. This includes a proportion of mail that is intended for non-existent recipients at businesses, for example from a directory attack against a particular domain.It is worth noting that without the traffic management controls in place, MessageLabs would have to filter in excess of 2.36 billion connections each day. 90% of these are immediately and unequivocally identified as spam from known bad sources and are then allocated minimal bandwidth, often causing these connections to slow down and expire.Targeted trojans, expressly created for stealing confidential information have increased from around one per week at the end of 005, to two per day by the end of 006. These attacks are set to rise further in the coming year as a natural continuation of the trend that we have observed so far in 006.Phishing continues to become much more targeted as the criminals are able to harvest personal data through spyware and botnet technology, ensuring a greater degree of accuracy with their targeting. It is inevitable that phishing activity will eventually reach a plateau, however the impact upon the financial industry will continue, and it is expected that we will see more sophisticated attacks against two-factor authentication in 2007.Web threats from adware, and advertising pop-ups as well as more insidious forms of spyware have been increasing through 006, targeting a weakness of traditional virus software which cannot address the link spam issues; emails conveying links to malware sites. Instant Messaging (IM) threats have been relatively low in comparison to email and web threats, but this is set to become more aggressive in 007 as usage increases and the ecosystem becomes more attractive to cyber criminals. Attacks against social networking sites, like MySpace, will continue as well as professional sites like LinkedIn and Plaxo. This will present hidden dangers for employees and IT departments looking to control policies internally. Untitled Document41.1 Key findings 2006 is the first year that has passed without being punctuated by a really major virus outbreak on the scale of Sobig, Mydoom or Netsky. The almost notable exception was in January with the rather bland Nyxem.E (a.k.a. MyWife.D, Blackworm or Kama Sutra). This virus was unique in that each infected computer generated a request to a web page, and in this way Nyxem.E represented an opportunity to track the spread of the virus, and also the scale of the clean-up operation that quickly followed. MessageLabs intercepted more than four million copies of Nyxem.E during the first week of the outbreak. During the final week before the virus was due to activate (February 3), MessageLabs tracked over 11,000 computers being cleaned-up each day, however, most of those still active on the trigger date were believed to reside in India.Until 2006, the convergence of just viruses and spam was well understood. Around 80% of all spam in circulation is known to be distributed from botnets, expressly created for this purpose by specially crafted strains of viruses. The first well-known example being Sobig in 2003. Since then, almost all of the major virus outbreaks have been for the purpose of creating a botnet that will subsequently be used to send out spam. During 2006 it was becoming clear that a new element had combined with this ecosystem to enable the attacks to become more selective and targeted: Spyware. The distribution of spyware and adware is reportedly a multi-billion dollar industry, fuelling a boom in the number of botnets that are now being created. ThemalwaresyndicateVirusesSpamSpywareViruses are used to create spam botnetsSpammers pay for botnet generatingviruses or complete botnetsThe current rate for renting a botnet is roughly 50- 60 per 1,000 to 2,000 bots for approximately a week, but it depends on how the bots are to be used, in some cases the price may be higher or payment may be in exchange for a list of stolen credit card numbers. For example, a fraudster who has developed a bank stealing trojan, but no distribution network, may expect to pay a bot herder to install the trojan on some of the machines in his network. Sometimes the bot Untitled Document5herders expect extras i.e. they will monitor what their bots are doing when they are hired out and log any credit card numbers, personal data, etc. that may be collected or relayed through them.In January 2006, we learned from the latest FBI Computer Crime Survey (based on a cross-section of over 2,000 organizations) that almost nine out of ten U.S. organizations surveyed experienced computer security incidents last year and that viruses (83.7%) and spyware (79.5%) headed the list of attacks, accounting for a loss of around 12 million of the million total losses reported. Spyware provides a lucrative revenue stream for the growing number of criminals who have control over increasing numbers of botnets. With no regard for the victim by using drive-by-installs a cyber criminal can make several thousand dollars by remotely installing adware on the compromised PCs enslaved under their control, all without the owners knowledge or permission. Each installation may often only generate a few cents worth of revenue, but for someone with control over a large botnet, revenues can increase significantly. Once installed, the adware is difficult to remove and provides a means of delivering targeted pop-up advertisements, based on personal data harvested from the user s online browsing habits.However, much of the code used to control botnets is also capable of gathering far more sensitive information from the user s machines, including cracked usernames, passwords, credit card numbers and other personal data stored inside their web browser s auto-fill database. With this level of intelligence, the cyber criminals are able to target their attacks even more effectively with the knowledge of which sites the bots under their control regularly access. This has been a major development in the threat landscape since spyware could now provide the means for attacks to become much more selective and targeted, and allows the criminals to send out more discreet batches of emails, lessening the impact on the radar of the wider security community.Clearly, phishing continues to have a significant impact despite technological advances made in some areas by the introduction of two-factor authentication. For example, in the UK, the number of phishing attacks rose by 16-fold and bank losses from online fraud rose to 23m during the first half of 2006, according to Association of Payment Clearing Services (APACS). As banks and other organizations concerned by increasingly targeted phishing attacks move towards introducing stronger multi-factor authentication methods, it is only a matter of time before the phishers respond. Many banks across Europe already employ some form of two-factor authentication which requires more than a username and password (the first factor) to authenticate to a website. They also require some form of one-time password (the second factor). Phishing attacks are also becoming more targeted using the information gathered from spyware. It is possible for cyber criminals to send out smaller batches of emails to individuals who are more likely to respond to such an attack, including personal information such as zip and postal codes to enhance their authenticity.On average, MessageLabs detects around ten new worms that are designed to spread bot programs each day. These worms are based on existing malicious code but have been disguised in an attempt to avoid detection by signature based anti-virus software. Although the average size of a botnet hasn t changed significantly in recent months, the number of active botnets does continue to rise, as does the usage of botnets to install various Pay-Per-Install adware applications. Early in 2006, new strains of the bot worms were discovered suggesting more sinister developments where the latest strains attempt to conceal their presence from the operating system and any installed security software by using rootkit techniques. This involves the installation of a kernel-mode device driver that hooks various system calls in order to conceal malicious files, processes and registry keys, making it increasingly difficult to identify and remove using traditional means. Targeted attacks using smaller, more agile droppers and other trojans became the malware-of-choice throughout 2006, a trend which was first observed in February 2006. This is explained by major advances in technology for detecting mass-mailing malware, coupled with the desire to create an attractive market for trojans that remain invisible for longer, as opposed to those that draw attention to themselves by continually sending virus infected emails. This culminated in the more aggressive attacks from strains such as Warezov (a.k.a Stration) and the more insidious SpamThru trojan, towards the latter part of the year. Untitled Document61.2 Top threats of 2006The overall spam trend for 006 has seen an increase in spam levels towards the latter part of the year, in line with 2005 yearly figures, with an annual average percentage of 86.2%. With 63.4% being identified as spam from new and unknown sources identified by Skeptic; this compares with the annual 2005 average of 68.6%. 2350%60%70%80%Q1Q2Q3Q4Q1Q2Q3Q420052006SpamratesQ1 2005 Q4 200668.3%66.0%61.7%59.2%60.4%63.9%73.5%76.1%The sudden rise in spam towards the end of 006 was due to the huge rise in botnet activity caused by the SpamThru and Warezov trojans, both used to send out large volumes of image spam emails. Image spam is traditionally difficult to intercept, however, with recent advances in Skeptic technology and a clearer understanding of the nature of this type of spam, MessageLabs is able to detect and intercept this type of spam more effectively than traditional defenses because of the use of Image Heuristics: MessageLabs use image heuristics to examine many aspects of an image (e.g. numbers of colors used, the image format used) to identify and block images that are likely to be spam. MessageLabs also employs a combined heuristics approach, which involves not only using the heuristics on the images themselves, but combining these results with existing text-based heuristics to provide a very high level of accuracy.Another key factor in the rising tide of spam in 006 has been the targeted nature of some types of spam. In recent months, MessageLabs observed an increase in the number of spam emails that are specifically targeting individuals within the technology sector by using social engineering techniques. One example is geek spam, spam which includes technology-related keywords within the email to dupe recipients into believing that the spam is actually something more relevant, such as a bug report. The use of technology buzzwords hidden inside the body of the spam can ensure that the email looks convincing enough for the anti-spam software to allow the mail through, and can help to pollute the Bayesian filters often found in most anti-spam products. This technique relies on the use of a specific lexicon of terms usually only associated with particular industry, not only as a means of social engineering to dupe the recipient into believing the mail is genuine, but also to weaken the effectiveness of Bayesian filters that are trained to recognise good emails from bad.During 2006, spammers have dabbled with other mediums, polluting weblogs with comments that contain links to disposable spam domains and even creating their own splogs or spam-blogs. Instant Messaging (IM) is being targeted too, with some estimating that almost 10% of all IM traffic is now spam. The clock would have to be wound-back several years before such low levels were the equivalent for email traffic. Untitled Document7The use of prolific and highly populated social networking sites, such as MySpace, LinkedIn and Plaxo, make it a rich target for the spammers and criminals who are intent on gathering as much personal information as possible. MySpace has come under an onslaught of malicious attacks over the last 12 months from spammers, where they create convincing profiles that contain links to seductive, automated IM chat-bot sirens that typically lure unsuspecting MySpacers onto the rocks of some lucrative webcam site. These profiles are then used to send out baiting friend requests via specialized software that is able to target the recipients from the online profiles, and in large numbers. For example, targeting males, aged 18-24 years, located in the US. Some of these profiles have also been reported to contain bogus video links that are alleged to attempt to install spyware onto the visitors computers exploiting malformed media files. Users of more professional sites, like LinkedIn and Plaxo, should also be cautious when receiving a link request from a former colleague. How can you be certain that email request came from the person you think it may be?The annual average percentage of malware attacks in 2006 is 1.5% or 1 in every 67.9 emails contained a virus or trojan. In 2005 the annual average was 2.8%, or 1 in every 36.1.231in 1001 in 1201 in 01 in 201 in 401 in 601 in 8020052006Q1Q2Q3Q4Q1Q2Q3Q41 in 41.81 in 34.31 in 42.61 in 28.9Virus ratesQ1 2005 Q4 20061 in 43.01 in 70.21 in 94.61 in 114.9Targeted attacks significantly increased during 2006. In 2005 MessageLabs intercepted just one attack per week, this fgure has now risen to approximately two targeted attacks per day by the end of 2006. Untitled Document8Phishing continued to be a major threat during 2006, accounting for an annual average of 0.36% or 1 in every 274.2 of all email traffic. In 2005 the annual average of phishing emails was 0.3% or 1 in every 304. Phishing also accounted for 24.8% of malicious email traffic intercepted in 2006; rising from 10.6% in January to 68.6% towards the end of the year. When compared with the annual average in 2005 of 13.1%, the 2006 figure highlights a marked shift in cyber criminal activity towards phishing during the last months. 231in 1501 in 2001 in 2501 in 3001 in 3501 in 4001 in 214.71 in 286.01 in 427.61 in 279.81 in 356.21 in 377.41 in 263.41 in 195.0PhishingQ1 2005 Q4 2006Q1Q2Q3Q4Q1Q2Q3Q420052006Untitled Document 1.3 Top sectors under attack in 2006It can be seen that across most industry sectors, virus attacks have diminished, with only a few notable exceptions. The reason for this is that the attack profile has shifted considerably in the past 12 months. Gone are the days of the large scale mass-mailed virus outbreaks such as MyDoom and Sobig, belying the trend towards more small-scale targeted attacks. These attacks are typically for the purposes of industrial espionage or intellectual property theft. In the last year the scope of these attacks has widened considerably, especially targeting small to medium sized businesses that are often the weaker link in a much larger supply chain.Business Support Services has been in the firing line for both viruses and spam during 2006, comprising of recruitment and staffing agencies, office support services and administrative and secretarial resources. It is perhaps not surprising that this sector is heavily targeted as many larger organizations rely upon their services. Often smaller in size, the open nature of their communications to the wider world means that these businesses will frequently communicate with individuals that they do not necessarily know or have a prior relationship with. Resumes are often distributed via email typically using a personal email account from a computer at home and these files are more likely to be infected than a typical business computer. With social networking sites coming under increasing attack, resourcing companies who rely upon these networks will inevitable fall into the firing line too, unless they have the appropriate level of protection in place.Virus rates by industry 2005 &20061%2%3%4%5%13Spam levels across most sectors are down on the previous year, but this does not highlight the more targeted nature of this spam, making it much more difficult to prevent using traditional techniques. Furthermore, this is a measure of the spam that has originated from new and unknown bad sources, i.e. which cannot be unequivocally judged by the MessageLabs Traffic Management controls. It is possible to block the vast majority of spam using traffic management controls, without which these figures may be much higher.Untitled Document 010%20%90%30%40%50%60%70%80%5Spamrates by industry 2005 & 20061.4 Geographical trends in 2006As expected, organized criminal groups continued to operate across international boundaries with no consideration for any legal jurisdiction. The threat to many of the emerging and developing countries has increased. For example, with the rapid growth in the economy in countries like India, cyber security issues have come to the fore. Earlier in 2006, the region came under a great deal of pressure from virus attacks, beginning with Nyxem.E in January. *Data not reported in 200511%2%3%4%5%Virus rates by country2005 &2006This softening-up of the region culminated in a vast increase in the volume of spam destined for that country as the year came to a close. As Western companies seek to establish a presence in the region, they too become targets, and as such the region also becomes increasingly more attractive to the cyber criminals. As legislation and law enforcement continue to play catch-up, businesses must undertake their own measures to protect themselves. It is all too clear to Untitled Document see that in this time of increased regulatory pressures from corporate governance requirements, the consequences of a security breach for any business may result in severe financial losses and negative publicity. Spam levels in the Asia-Pacific region have noticeably increased in the past 12 months. This includes Australia, Hong Kong and Singapore. Spammers in the region are now targeting this area much more aggressively, exploiting legal loopholes and operating overseas and beyond international jurisdiction.Spamrates by country 2005 &20060%10%20%30%40%50%60%70%80%90%*Data not reported in 20052 Email Security Trends and Developments 20062.1 Targeted attacks on businesses acceleratesThe most notable threat in 006 has come from the substantial increase in the number of targeted attacks being perpetrated against business and organizations around the world. These attacks are specifically designed for the purpose of corporate or industrial espionage; the theft of intellectual property and confidential information. In March 2006, Michael and Ruth Haephrati were charged and found guilty after being extradited to Israel from Britain. They were jailed for two and four years respectively for creating and distributing a trojan used for industrial espionage by some of the biggest companies in Israel. The case originally came to light last year, when the trojans were being sent to carefully selected businesses via an email attachment purporting to be a business proposal, in order to trick users into downloading the spyware. Well-known businesses, including TV, mobile phone, car import and utility companies, were accused of using this malware, which was developed by the couple, to steal rivals corporate secrets and monitor their activities.Throughout 2006 MessageLabs continued to observe an increase in the level of sophistication in the nature of the targeted attacks facing businesses worldwide. The number of targeted attacks rose from one per week in 005, to approximately two per day in by the end of 2006. Most of the early attacks preyed on vulnerabilities in Microsoft Word, but more latterly these attacks have also exploited Microsoft PowerPoint and Excel, but Microsoft Word remains the main vector for attack with 69% of the attacks preferring this vehicle.Each targeted attack is very much tailored to particular needs in terms of which exploit is used, the social engineering techniques employed as well as which source IPs are used and what the targets will be. Generically, there is no single feature that could distinguish a targeted attack from a low-scale trojan deployment. However preventing targeted attacks automatically is still possible since they expose themselves in similar ways to other malware. In 005, these attacks Untitled Document were predominantly directed at public sector bodies, military organizations and other large businesses particularly in the aerospace, petroleum, legal, and human rights fields. By the end of 2006, no industry sector could be considered safe. Traditional anti-virus solutions that are signature-based provide a reactive approach and require signature updates to be effective, providing little or no defense from these kinds of often unique targeted attacks, which may only be sent to one or two targets. Studies by MessageLabs have shown that the typical time for signatures to appear for targeted trojans is still several months. Companies need to realize that they cannot rely solely on traditional reactive methods and need to be proactive in their approach. One of the main drivers of the increased spam towards the end of 006 has been from a trojan dubbed SpamThru . This trojan is responsible for a great deal of the botnet activity behind increased levels of spam in recent months. Analysis of SpamThru shows that the SpamThru makers are releasing new strains at regular intervals in order to bypass traditional anti-virus signature detection. Using the spam cannon technique, SpamThru utilizes a template for each spam it sends and by combining it with a list of email addresses, each zombie is then able to pump out millions of spam emails.Although designed to turn the infected computer into a spam-sending zombie, SpamThru also employs an interesting device to circumvent the closure of the command-and-control channel. Usually, the control channel (or mother-ship ) is located on an Internet Relay Chat (IRC) server under the control of the botnet master, and if this channel is disrupted, he/she may lose control of the entire botnet. However, rather than relying upon a central mother-ship for the control channel, each SpamThru zombie is able to learn about the other zombies in the botnet and relay that information when requested. Command and control is still centralized with SpamThru but should the control channel become disrupted, the botnet controller can regain control of the botnet by having access to just a single zombie machine on the botnet.SpamThru also attempts to neutralize anti-virus software by corrupting the local hosts file, inserting dummy addresses to override genuine anti-virus update URLs. SpamThru also downloads an illegal copy of Kaspersky Anti-Virus onto the infected computer, scanning the PC for viruses, whilst ensuring that it bypasses its own components. Interestingly, any other malware found on the system is removed the next time Windows reboots.Malware writerMalware writer spams out a stub infectionThousands of zombie machines awaitinginstructions to launch an attackInternet12The Stub findsvulnerable machines and recruits them into abotnetVictims server4Botnet zombies execute attackhigh volume spam cannon dispersal3The Stub downloadsthe complete spamthrufrom a compromisedwebsite and thecompromised computerjoins the botnetWebsiteSpamthruP2PbotnetJoins the botnetow Spamthru worksUntitled Document 3 Outlook and Predictions for 2007 Web and instant messaging protocols will present growing areas of concern relating to threats. Spyware domains will continue to host a mass of malicious software, posing a concern for organizations confronting such threats. As the email vector becomes more secure through tighter security controls, many more malicious emails now contain links to these websites and traditional anti-virus defenses cannot safeguard against such malicious web links. The only way to know if a link is bad is to follow that link, which is why it is increasingly important to secure the web traffic for an organization. These threats are only expected to converge further still throughout 007. As we have already seen in 006, malware levels have fallen, however, spam has continued to increase. In previous years there was a direct correlation between these two threats, i.e. as the botnets begin to decay criminals needed to create more of them, using a virus outbreak as the main vehicle for this. In 2006, for the first time, MessageLabs has observed this trend shifting in the other direction. By the end of 007, virus rates are expected to fall to around in 00 emails. One area that has been of increasing concern is ransomware. This is malicious software that when infecting its target will encrypt key files and documents using a secret key known only to the extortionist. Some form of payment must be exchanged in return for this key. Until now, it has been possible with vast resources of distributing computing power to brute-force crack these keys, often by the anti-virus industry itself. However, as the key strength increases, it is likely that at some time during 007 ransomware of this kind may actually be unbreakable.Spam will also become more targeted through 007. As we have already seen in 006 with geek spam targeting the technology sector, such approaches increase the probability of the spam reaching the intended recipient. We have started to see other sectors targeted in the same way, including Legal and Financial, each with its own particular lexicon of terms, making it easier to pollute the Bayesian filters trained to identify and eliminate spam, allowing more spam through over time.87%92%1in 300OctNovDecJanFebMarAprMayJunJulAugSepOctNovDecJanFebEmail SpamEmail Virus1 in 10020/day2/day200620072008Targeted attacksSpamthruFirst majormySpace exploitsAOL & Google Talkmerge presencenetworks80% of home usersinfected with spywareFirst VoIP exploitISPs under greater pressureto address attacks at theinternet levelFree WiFi becomes mainstream in many citiesPredictionsOutlook&predictionsfor 2007Untitled Document14As spammers continue to exploit loopholes in the ICANN registry agreements, domain kiting is set to continue. Domain names will continue to be registered and not paid for. A loophole that means these domains will be live for up to five days before they expire, meaning that spammers can capitalize on this, and send out vast quantities of spam containing links to short-lived domains, sometimes infested with spyware.As more and more contemporary botnets are engineered to become more resilient, they will require fewer outbreaks to ensnare zombie computers the criminals will be able to retain control of their botnets, only resorting to mass-mailed virus outbreaks in times of real need. SpamThru has been in the vanguard of this new approach, and it is likely that we will see other botnets start to employ similar techniques. It is expected that by the end of 2007, spam will continue to rise, reaching a plateau at around 92% of email traffic, based on projections of current analysis and trends. It is also expected that the number of worms targeting Mac OS X will rise in 2007. Windows Vista will be launched and the adoption may not be as high as some expect, especially in the business environment where Windows XP may be considered fit-for-purpose, and an upgrade to Vista at this stage may not be easy to justify straight away. Threats against this new operating system will also appear fairly quickly, and as users of new versions of Microsoft Office try to come to terms with the new ribbon interface, they will also find that they will be coming under attack from specially crated viruses and trojans before too long.The number of low-level targeted attacks against businesses will continue to rise throughout the year, reaching levels of as many as 20 such attacks per day. These attacks will also exploit other applications and become more difficult to identify and safeguard against. Traditional anti-virus software will offer little protection against these attacks.Greater automation is expected in 2007, with off the shelf kits becoming much more readily available, it is already possible for virus, spammer or phisher novices to buy a ready-made trojan kits from Russia that can be downloaded from the Internet, guaranteed to evade mainstream anti-virus defenses. It is even possible to extend the warranty such that when detection becomes available, the virus authors will create a new version for the criminals. These kits may be customized for as little as USD 800 and crafted to target any online banking website. The trojan approach works by monitoring browser addresses and when the victim visits a target site, the trojan will wait for the user to complete the authentication process before hijacking the session and handing control to the criminals. In this way, these trojans are already capable of circumventing two-factor authentication used by some banking websites, but it is only because two-factor is not yet a mainstream technology, these types of attack are not widespread. This is likely to change in 007, however, as more banks move down this route. The majority of phishing attacks will continue to target organizations that have not yet deployed two-factor technology.As with web threats, convergence is a major concern of users of Instant Messaging. A link to a malicious web site may be sent to an unsuspecting user via IM, thus transferring the attack to the web, where the spyware or malware may be automatically downloaded and installed. These threats are expected to rise by the end of 2007, making IM a significant security concern for many organizations if it isn t already.Furthermore, since Yahoo! and MSN opened their IM networks up to each other in 2006, it is expected that later in 2007 the same will be happen between AOL and GoogleTalk, and as we see these ecosystems begin to marry, common standards will emerge and at some point the cyber criminals will take a keener interest in exploiting this environment. Later in 2007, it is expected that VoIP threats to businesses will emerge more strongly in the same way that attackers are now targeting application vulnerabilities, a maliciously crafted VoIP packet may perhaps be able to crash the VoIP application and render control to the attacker. Through 2006 we have already seen the use of VoIP as a playground for a new breed of spammers using SPIT (Spam for Internet Telephony). Spammers can reap the same low-cost benefits as those adopting the new technology at home, and can use the technology to spoof telephone numbers of genuine businesses and financial institutions when making bogus calls.Untitled Document 54 ConclusionThe risks associated with messaging attacks are not only a technology issue potentially resulting in data loss, infrastructure downtime, but potentially libelous, impacting brand reputation, as well as employee, client and partner relations. Consequences are potentially damaging and costly, with major effects on revenues, share price and bottom line and above all loss of intellectual property and trade secrets. Analysis of MessageLabs Intelligence data suggests that the sophisticated targeted email attacks were a relatively new phenomenon, only directed against businesses and organizations for the past 18 months MessageLabs is now intercepting two incidents each day and expects this trend to continue to grow as traditional defenses are almost useless against such attacks.Businesses today are increasingly targeted by more malicious and insidious messaging attacks than ever before, and can no longer afford to be complacent. This does not however, mean that the cyber-criminals have won. Companies can take control of their security and through education, vigilance and the adoption of a managed services approach that goes far beyond traditional desktop or gateway protection; they can gain peace of mind and the reassurance that the problem is being addressed.In 007, it is inevitable that ISPs will come under more pressure from business and governments to address these issues at the Internet level itself, taking the fight closer to the source of the problem. Untitled Document 6MessageLabs IntelligenceMessageLabs Intelligence is a respected source of data and analysis for email security issues, trends and statistics. MessageLabs provides a range of information on global email security threats based on live data feeds from our control towers around the world. The information relating to MessageLabs services contained in this report is based on data generated internally by MessageLabs unless otherwise indicated.For more information on MessageLabs Intelligence and the analysis provided, please visit:www.messagelabs.com/intelligenceAbout MessageLabsMessageLabs is the leading provider of messaging security and management services with more than 15,000 clients around the world. Delivered across an Internet-level, globally distributed platform, its fully managed services ensure the integrity of your electronic communications, helping organizations to manage and reduce risk while securing critical business infrastructure and information integrity. For more information on MessageLabs, please visit www.messagelabs.com.Untitled Document email@example.comFreephone UK0800 917 7733Toll free US1-866-460-0000EuropeHEADQUARTERS1270 Lansdowne CourtGloucester Business ParkGloucester, GL3 4ABUnited KingdomT +44 (0) 1452 627 627F +44 (0) 1452 627 628LONDON3rd Floor40 Whitfield StreetLondon, W1T 2RHUnited KingdomT +44 (0) 207 291 1960F +44 (0) 207 291 1937NETHERLANDSDe Geelvinck, Office 5.06Singel 540 0 7 AZAmsterdamNetherlandsT +31 (0) 20 5 222 393F +44 807 238 4401BELGIUM / LUXEMBOURGCullinganlaan 1BB-1831 DiegemBelgiumT +32 (0) 2 403 12 61F +32 (0) 2 403 12 12DACHFeringastra e 985774 Unterf hringMunichGermanyT +49 (0) 89 189 43 990F +49 (0) 89 189 43 999 MessageLabs 2006All rights reservedAmericasAMERICAS HEADQUARTERS5 Seventh Avenue6th FloorNew York, NY 10018USAT +1 646 519 8100F +1 646 452 6570CENTRAL REGION7760 France Avenue SouthSuite 00Bloomington, MN 55435USAT +1 952 886 7541F +1 952 886 7498Asia PacificHONG KONG 60 Tower II89 QueenswayAdmiraltyHong KongT +852 2111 3650F +852 2111 9061AUSTRALIALevel 6107 Mount Street, North SydneyNSW 2060AustraliaT +61 2 8208 7100F +61 2 9954 9500SINGAPORELevel 14Prudential Tower30 Cecil StreetSingapore 049712T +65 62 32 2855F +65 6232 2300