Thread: SPAM frauds, fakes, and other MALWARE deliveries...

  1. #34 AplusWebMaster (Adviser Team; joined Oct 2005; location USA; 6,881 posts)

    Threat Metrics / Malware magnets ...

    FYI...

    Malware magnets ...
    Cisco's threat metrics show pharmaceutical and chemical firms are 11 times more susceptible to Web malware
    - http://www.infoworld.com/t/cyber-cri...magnets-238909
    Mar 24, 2014 - "... Cyber crime has been estimated* at costing the U.S. economy $100 billion annually, with smaller companies feeling the pain** more often due to inadequate defenses. If Cisco's analyses are on track - and the numbers hold true for people outside of Cisco's customer base - attacks are likely to grow even more targeted to match their victims in the future, with narrower niches singled out by attackers based on their industry."
    * http://www.infoworld.com/d/security/...00-jobs-223352

    ** http://www.infoworld.com/d/security/...r-crime-216543

    Feb 2014 Threat Metrics
    - http://blogs.cisco.com/security/febr...hreat-metrics/
    Mar 21, 2014 - "Web surfers in February 2014 experienced a median malware encounter rate of 1:341 requests, compared to a January 2014 median encounter rate of 1:375. This represents a 10% increase in risk of encountering web-delivered malware during the second month of the year. February 8, 9, and 16 were the highest risk days overall, at 1:244, 1:261, and 1:269, respectively. Interestingly, though perhaps not unexpectedly, web surfers were 77% more likely to encounter Facebook scams on the weekend compared to weekdays. 18% of all web malware encounters in February 2014 were for Facebook related scams.
    > http://blogs.cisco.com/wp-content/up...eb2014Rate.jpg
    The ratio of unique non-malicious hosts to unique malware hosts was fairly constant between the two months, at 1:4808 in January 2014 and 1:4775 in February 2014. Likewise, the rate of unique non-malicious IP addresses to malicious IP addresses was also similar between the two months, at 1:1330 in January 2014 compared to 1:1352 in February 2014.
    > http://blogs.cisco.com/wp-content/up...b2014hosts.jpg
    While Java malware encounters were 4% of all web malware encounters in January 2014, that rate increased to 9% in February. Of particular interest was the increase in the rate of Java malware encounters involving versions older than Java 7 or Java 6, which increased to 33% of all Java malware encounters in February 2014 from just 13% in the month prior.
    > http://blogs.cisco.com/wp-content/up...eb2014java.jpg
    During the month of February 2014, risk ratings for companies in the Media & Publishing vertical increased 417%, Utilities increased 218%, and Insurance 153%. Companies in Pharmaceutical & Chemical remained at a consistent high rate, with a slight increase from a 990% risk rating in January 2014 to an 1100% risk rating in February. To assess vertical risk, we first calculate the median encounter rate for all enterprises, and then calculate the median encounter rate for all enterprises in a particular vertical, then compare the two. A rate higher than 100% is considered an increased risk.
    > http://blogs.cisco.com/wp-content/up...eb2014vert.jpg
    Following a January 2014 spam volume decrease of 20% in January 2014, spam volumes increased 73% in February 2014...
    > http://blogs.cisco.com/wp-content/up...014spamvol.jpg
    The top five global spam senders in February 2014 were the United States at 16.5%, followed by the Russian Federation at 12.41%, with Spain, China, and Germany a distant 3.77%, 3.39%, and 3%, respectively. Though the Russian Federation was also in the number two spot in January 2014, it was a significant volume increase from only 5.10% of global spam origin that month."
    ___

    Secure Message from various banks – fake PDF malware
    - http://myonlinesecurity.co.uk/secure...e-pdf-malware/
    Mar 27, 2014 - "... pretends to come from various banks is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Almost all of these have a password stealing component, with the aim of stealing your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your facebook and other social network log in details... We have seen a couple of different versions over the last few days from different banks, including HSBC, and Natwest...
    Subjects seen are:
    You have a new Secure Message
    You have received a secure message

    HSBC secure mail
    Secure Message
    You have received a secure message
    Read your secure message by opening the attachment. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it with Internet Explorer.
    If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the HSBC Secure Mail Help Desk.
    First time users – will need to register after opening the attachment...


    Screenshot: http://myonlinesecurity.co.uk/wp-con...ecure-mail.png

    Natwest Secure Message:
    You have received a encrypted message from NatWest Customer Support
    In order to view the attachment please open it using your email client ( Microsoft Outlook, Mozilla Thunderbird, Lotus )
    If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the NatWest Bank Secure Email Help Desk...


    27 March 2014 : Version 1 (NatWest bank) SecureMessage.zip (8kb) Extracts to SecureMessage.exe (19kb)
    Current Virus total detections: 5/51* MALWR Auto Analysis **
    27 March 2014 : Version 2 (HSBC) SecureMessage.zip (11kb) Extracts to SecureMessage.exe (24kb)
    Current Virus total detections: 0/51*** MALWR Auto Analysis ****
    This You have received a secure message is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected. All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email..."
    * https://www.virustotal.com/en/file/e...12a4/analysis/

    ** https://malwr.com/analysis/ZmFkZDRhN...Q5YzlhODQ1Zjg/

    *** https://www.virustotal.com/en/file/e...3cbb/analysis/

    **** https://malwr.com/analysis/NGI0NjVmY...RjMDVmYmMyZTQ/
    ___

    Facebook You send new photo – fake PDF malware
    - http://myonlinesecurity.co.uk/facebo...e-pdf-malware/
    Mar 27, 2014 - "... pretending to be from Facebook is another one from the current Androm bot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. Almost all of these have a password stealing component, with the aim of stealing your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your facebook and other social network log in details. This campaign follows on from other similar attempts to infiltrate your computer using Facebook as a theme...

    Screenshot: http://myonlinesecurity.co.uk/wp-con...-new-photo.png

    27 March 2014 DCIM_IMAGEForYou.rar (40kb) Extracts to DCIM_IMAGEForYou.scr
    Current Virus total detections: 1/51* MALWR Auto Analysis**
    This You send new photo is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
    * https://www.virustotal.com/en/file/7...9404/analysis/

    ** https://malwr.com/analysis/ZWQyMjdkY...hjZWVlNTVjMmM/

    Last edited by AplusWebMaster; 2014-03-27 at 17:48.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
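
Added example, not part of the original post or of the quoted articles: a minimal mail-attachment check for the pattern described above, where SecureMessage.zip extracts to SecureMessage.exe and DCIM_IMAGEForYou.rar to a .scr file. It covers ZIP only (RAR needs a third-party library); the extension lists, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows executes directly; .exe and .scr are the two named in the post.
# The rest of both lists are assumptions for illustration, not a complete policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png"}


def classify_member(name):
    """Return a finding for one archive member name, or None if nothing is flagged."""
    # Keep only the file name; Windows ignores trailing dots and spaces.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .").lower()
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    # A document extension before the real one ("x.pdf .scr") is a disguise.
    if {"." + p for p in parts[1:-1]} & DECOY_EXTS:
        return "double-extension executable"
    return "executable"


def scan_zip(data):
    """List (member name, finding) pairs for a ZIP attachment given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Quarantine rather than pass what cannot be inspected.
        return [("<archive>", "unreadable archive")]
    with archive:
        return [(i.filename, f) for i in archive.infolist()
                if not i.is_dir() and (f := classify_member(i.filename))]


def make_zip(members):
    """Build a constructed sample archive in memory (harmless placeholder bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_zip({"SecureMessage.exe": b"constructed placeholder"})
    print(scan_zip(sample))
```

The check looks only at member names, so it catches the icon-spoofing case regardless of antivirus detection rate, but it does not inspect file contents or nested archives.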
