AppRiver Threat Landscape

AppRiver Threat Landscape: Quarter 1 and 2, 2010

By N DePofi June 29th 2010

AppRiver, the Gulf Breeze, Florida-based web security and email company, has issued a new report titled “AppRiver notes: Threat & Spamscape report Special 6-Month Edition: June 2010,” briefly covering online threats the company has monitored over the last six months.

Highlights of the report include the one-year anniversary of the Conficker worm and phishing and spear phishing attacks based on natural disasters, carbon credits, lawsuits, the IRS and the FIFA World Cup. The report includes a breakdown showing the origin of the 26 billion spam emails blocked by AppRiver in the first half of 2010, and the source region of both spam and malicious email messages, with the United States topping the spam chart at 2.5 billion spam emails, and Europe topping the malware chart with 44.7%.

Virus activity has also been heavy for the six months reported, with AppRiver noting that more than 45 million virus messages had been blocked in the thirty days prior to the report's publication, or more than one out of every ten emails scanned.

In March, AppRiver blocked over five thousand emails purporting to contain information regarding a lawsuit, with a link to a file named complaint.rtf. The link led to another file called complaint_docs.pdf, which actually contained a Trojan.Dropper.

Scams masquerading as IRS messages used tokens to customize emails based on the recipient and contained a link to a page with a download link to an .exe file. The file actually installed ZeuS, a phish-kit that is used to steal banking information.

“The Zeus crimeware toolkit has been around now for some time and is well established in the underground economy as being an easy-to-use and powerful tool for stealing personal data from remote systems. Initially linked to a group of criminals known as the “Rock Phish” group and targeting worldwide financial institutions, the toolkit has since become widely available both for sale and for free on underground forums.” (Peter Coogan “Zeus, King of the Underground Crimeware Toolkits” August 25th, 2009)

Other attacks that used ZeuS in the first half of 2010 included Facebook, MySpace, UPS, DHL, the Royal Mail in the UK, and Canada Post. ZeuS was prolific enough that US-CERT released a bulletin on March 17th, 2010.

One variation of an older attack style, named the ‘419 scam’ after Article 419 of the Nigerian Criminal Code (Advanced Fee Fraud), also known as the Nigerian Prince scam, started in January 2010 and targeted FIFA World Cup fans. These attacks claim that the recipient has won the Online Web Lottery held in South Africa in support of the World Cup, with a prize of one million dollars. The email contained a link to what looked to be an online gaming site. Most of the links were merely images, but the ‘live help’ link led to a form asking for personal details. These details could be used to aid criminals in stealing the user’s identity.

U.S. Spends $8.8 Billion to Secure Classified Data

More Than Half Goes Toward Safeguarding IT Systems

June 28, 2010

More than half the money the government earmarked to safeguard state secrets last year went for information security, with nearly 90 percent of that spent to protect IT systems against unauthorized access to or modification of information and the denial of service to authorized users, according to a report issued Friday by the Information Security Oversight Office.

Part of the National Archives and Records Administration, the Information Security Oversight Office receives policy and program guidance from the National Security Council and is responsible to the president for policy and oversight of the governmentwide security classification system.

“A responsible and efficient security classification program requires commitment, diligence and integrity,” Information Security Oversight Office Director William Bosanko wrote in a letter accompanying the report. “It is of particular importance that the classification system be implemented in a manner that makes for the most efficient and effective use of the finite resources available to departments and agencies.”

New spending on personnel, security management and classification management nudged expenditures upward for the classified information system by 1.3 percent. In its report, the office said that the government spent more than $8.8 billion on security classification and declassification costs in fiscal 2009, including nearly $4.8 billion on information security.
