FYI...
m86 Security Report - 1H 2011
- http://www.m86security.com/documents...ort_1h2011.pdf
July 20, 2011 - "... During this period, Web-based threats continued to grow more sophisticated. However, email threats such as spam decreased markedly following the takedown of major spam operations. Key Points:
• Many of the vulnerabilities targeted today are found in the Adobe and Java platforms. This highlights the fact that these applications often remain unpatched. Organizations and individuals should ensure that these software applications are patched promptly.
• Although spam volumes have declined since the closure of Spamit.com and takedown of the Rustock botnet, spam remains a problem for most organizations. The volume of malicious spam has returned to previous levels. Attackers continue to craft more legitimate looking messages in order to coax users into executing malicious files.
• Cybercriminals continue to experiment with combined attacks, evidenced by the recent spate of “spear-phishing” (target attacks that used Microsoft Office document files with embedded shockwave files that exploit vulnerabilities in Adobe Flash).
• There has been an increase in phishing attacks that include an HTML attachment, which is used to bypass anti-spam an anti-phishing filters in the browser.
• Facebook scams surged in the first half of 2011, as cybercriminals experimented with different ways to dupe social networkers into helping them earn a profit. One scam led users to trojans and fake anti-virus software for the Mac..."
(More detail in the PDF at the URL above.)