China, not US, Source of Most Targeted Attacks

According to Symantec, a security firm, most targeted attacks made by malicious software in March 2010, which, initially seemed to arrive from U.S., in fact came from Romania and China. Experts revealed this on March 25, 2010 in Symantec's March 2010 MessageLabs Intelligence Report.

Based on analyzing mail server location, experts who studied targeted attacks discovered that initially most targeted attacks seemingly originated from the US. These include phishing e-mails delivered to specific people in less magnitude in an attempt to gain access to sensitive corporate information through sender location. Researchers, however, noted that when analyzed by sender location, compared to the US (13.8), a majority of targeted attacks in fact originated in China with 28.2% and Romania with 21.1%.

Paul Wood, senior analyst at Symantec, said that a major fraction of targeted attacks is transmitted from legal webmail accounts, which resides in US, hence, sending mail server's IP address can not actually indicate the accurate source of attack, as reported by V3.co.uk on March 26, 2010.

He added that the original source of targeted attacks can well be disclosed by analyzing IP address of the sender, instead of analyzing email server's IP address.

Furthermore, the breakdown of these targeted attacks reveals that people most vulnerable to targeted malware attacks are accountable for defense policy and foreign trade, particularly in the context of Asian countries. In Taiwan, the virus activity was one in 90.9 e-mails, hence, for email-borne malware, it was a highly targeted country in March (2010). Comparatively, one in 552 e-mails distributed to the mailboxes in the US had malware.

The global ratio of viruses laced with e-mails to the regular e-mail traffic in March as was one in 358.3 e-mails, i.e. 0.28%, a 0.05% drop since February. 16.8% of email-borne malware in March carried links to spiteful websites, a significant 13.7% decrease since February.

Symantec also observed that after the links to identified black spots were removed from the picture, spam rates in the month of March reached 90.7%, up 1.5% since February. The source of a large number of junk e-mails was the compromised networks of zombie PCs infested with maleare. Remarkably, TLS connections were used by 77% of the spam delivered from Rustock botnet in the month of March.

Related article: China’s Best Initiatives To Deal With Spam

» SPAMfighter News - 4/5/2010