ARN

Polymorphic malware rate peaks at 72 per cent in September: Symantec

Claims cyber criminals are leveraging new tactics in attacks

Polymorphic malware levels in September 2011 were up 53.5 per cent from August and cyber criminals are leveraging new tactics in attacks, according to Symantec.

At the end of July, the level was 23.7 per cent; in August it fell 5.2 per cent to 18.5 per cent before soaring to 72 per cent in September, the company said.

The results were reflected in its September 2011 Symantec Intelligence Report (SIR), which revealed smart printers and scanners are being used in social engineering attacks.

Polymorphic malware is harmful, destructive or intrusive computer software such as a virus, worm, Trojan or spyware that constantly changes ("morphs"), making it difficult to detect with anti-malware programs.

Symantec said that smart printers enable businesses to email scanned documents to specific email addresses on request, and this functionality is liable to attack as cyber criminals can intercept the scanned email feature and send malware disguised as a compromised “.zip” archive file.

Symantec Cloud senior intelligence analyst, Paul Wood, said the statistics showed the way cyber criminals had intensified their assault on businesses in 2011 and abused the flaws of traditional security countermeasures.

“The idea of an office printer sending malware is perhaps an unlikely one, as printers and scanners were not actually used in these attacks, but perhaps this sense of security is all that is required for such a socially engineered attack to succeed in the future,” Wood said.

Symantec Intelligence also noticed the use of identified vulnerabilities in some older versions of the popular WordPress blogging software on a large number of Web sites across the Internet.

The misuse of these susceptibilities to serve spammers’ interests is a reminder to ensure software is updated with the latest patches and releases, Symantec said.

Additional research also revealed that JavaScript is becoming increasingly popular with spammers and malware authors as it allows them to obscure where they are redirecting and, in some cases, to conceal entire Web pages.

Other report highlights include:

  • Spam: The global ratio of spam in email traffic declined to 74.8 per cent, a decrease of 1.1 percentage points when compared with August 2011.
  • Phishing: In September, phishing email activity diminished by 0.26 percentage points since August 2011. In Australia, phishing activity accounted for one in 740.0 emails.
  • E-mail-borne threats: The global ratio of email-borne viruses in email traffic was one in 188.7 emails (0.53 per cent), an increase of 0.04 percentage points since August 2011. In Australia, one in 341.5 emails was malicious.
  • Web-based malware threats: An average of 3474 websites each day harbour malware and other potentially unwanted programs – including spyware and adware; an increase of 1.0 per cent since August.
  • Endpoint threats: The most frequently blocked malware for the last month was W32.Sality.AE, a virus that spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Please note this is vendor-sponsored research and should be approached as such.