02 July 2007
MessageLabs Intelligence: Malware directed exclusively at senior management brings targeted attacks to a new ‘level’
- New trends in C-level targeted email attacks; spammers use PDFs to target victims for ‘Pink Sheet’ fraud -
New York and London – July 2, 2007 – MessageLabs, the leading provider of messaging security and management services to businesses, today announced the results of its June MessageLabs Intelligence Report and a review of the second quarter of 2007. New data announced today reveals a new trend in highly targeted C-level and senior management email attacks in larger volumes than previously seen.
On June 26, MessageLabs intercepted more than 500 individual email attacks targeted toward individuals in senior management positions within organizations around the world. The attack was so precisely addressed that the name and job title of the victim were included within the subject line of the email. An analysis of the positions targeted reveals that Chief Investment Officers accounted for 30 percent of the attacks, 11 percent were CEOs, CIOs accounted for almost seven percent and six percent were CFOs. Other titles among the top ten targets included Directors of Research, Directors of Development and company Presidents. These emails had a Microsoft Word document attached which contained embedded executable code. When opened, the executable code would activate a trojan component that would then compromise the victim's computer.
Reinforcing these findings, MessageLabs has also recently intercepted emails where the recipients of the attack email are related or connected to the actual intended target, for example a spouse or dependent of a CEO. The intent is to compromise the family computer and indirectly gain access to confidential correspondence and intellectual property relating to the target.
“This evolving trend of increasingly highly personalized attacks emphasizes the effort and research in which the bad guys are willing to engage to potentially obtain very lucrative information,” said Mark Sunner, Chief Security Analyst. “With social networking tools, such as Facebook, LinkedIn and MySpace, now highly populated with valuable content, personal information and sought-after details, it is easier than ever for the bad guys to harvest the personal details needed to personalize their attacks.”
Other significant trends this month include the continued innovation from spammers regarding image spam. Accounting for approximately 20 percent of all spam targeting businesses, image spam has evolved from static attachments to dynamic hosted images in the form of PDF attachments that mimic real market reports or collateral to entice recipients into believing the scam. With the traditional image spam included within a PDF, a commonly trusted attachment format, it can bypass traditional anti-spam technologies.
“Penny Stock” spamming is also on the rise as a reaction to recent sanctions by the SEC (Securities and Exchange Commission). The SEC suspended trading on 35 companies listed on the ‘Pink Sheets,’ a register of over-the-counter stocks which, due to their smaller asset sizes and share prices, do not qualify for the more stringent and regulated NASDAQ listing. As these companies were the subject of recent and repeated spam email campaigns, the spammers have changed their tactic and are investing in overseas stock, predominately in German ‘pump-and-dump’ spam.
Other report highlights:
Spam: In June, the global ratio of spam in email traffic from new and unknown bad sources was 72.4 percent (1 in 1.38), a decrease of 0.3 percent on the previous month. Without the additional measures MessageLabs applies at the Internet level to filter out known spam and make it more difficult for spammers to reach MessageLabs clients, 81 percent of email traffic would have been identified as spam this month. When reviewing the overall spam rates on a quarterly basis, this is the third quarter with spam levels in excess of 73 percent; before this, levels at this rate were last reported in Q1 2005.
Viruses: In June, the global ratio of viruses in email traffic from new and previously unknown bad sources destined for valid recipients was 1 in 127 (0.79 percent), a decrease of 0.06 percent since May. With Q2 2007 virus levels falling to 1 in 130.2, it may appear that virus levels have reached their lowest quarterly level since Q2 2003. However, the sophistication of techniques is reaching new heights, making it increasingly difficult for traditional anti-virus countermeasures to safeguard against them.
Phishing: June showed a decrease of 0.17 percent in the proportion of phishing attacks compared with the previous month, with one in 123.6 emails being a phishing attack. However, the number of phishing attacks increased by 0.81 percent as a proportion of all email-borne threats, now accounting for 72.2 percent of all malicious malware threats intercepted by MessageLabs in June. Overall for the quarter, phishing activity accounted for 70.8 percent of the malware threats, an increase of 8.6 percent on the previous quarter. For the same period in 2006 this level was around 12.1 percent.
Geographical Trends:
- Israel and India both retained their positions at the top of the spam and virus charts, respectively.
- Hong Kong is quickly becoming a safe-haven for the hosting of “spamvertized” sites, websites advertised in spam messages, as well as some phishing domains. The rationale seems to be that sites hosted with a ‘.hk’ suffix will remain operational for a much longer period as it seems to take longer to close them down.
- United Arab Emirates experienced the highest increase in virus levels (up 0.23 percent).
- Austria (up 3.3 percent) and Australia (up 2.1 percent) received the highest increase in spam activity.
Vertical Trends:
- Spam levels dropped slightly across the top five verticals - Agriculture, Manufacturing, Education, IT Services and Marketing/Media, with the top four positions unchanged since May.
- The Chemical/Pharmaceutical industry retained its position at the top of the virus chart for a second consecutive month (1 in 68.9) while the Telecoms sector also remained the least targeted vertical (1 in 662.4).
The June 2007 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.
MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.
About MessageLabs
MessageLabs is a leading provider of integrated messaging and web security services, with over 19,000 clients ranging from small business to the Fortune 500 located in more than 86 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.
These services are delivered by MessageLabs' globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit www.messagelabs.com.
Media Contacts:
US:
Marissa Vicario, MessageLabs, +1 646 519 8116, mvicario@messagelabs.com,
Hill & Knowlton for MessageLabs, +1 212-885-0552, messagelabs@hillandknowlton.com
EMEA:
Paul Wood, MessageLabs, +44 (0) 1452 627705, pwood@messagelabs.com
Weber Shandwick for MessageLabs, +44 (0) 20 7067 0500, mlukpr@webershandwick.com
APAC:
Andrew Antal, MessageLabs, +61 2 8208 7171, aantal@messagelabs.com
Spectrum Communications for MessageLabs, +61 2 9954 3299, messagelabs@spectrumcomms.com.au