October 27, 2008
Secure Computing Releases Q3 Internet Threats Report and Predictions for 2009
Secure Computing Corporation (NASDAQ: SCUR), a leading enterprise gateway security company, today published the Q3, 2008 Internet Threats Report containing data and analysis covering both email and Web-based threats. The report was compiled by the Secure Computing research teams and based on the company's TrustedSource Global Reputation System with its unique and unparalleled view of worldwide Internet traffic. Among the report's findings, Q3 saw the emergence of new malware targeting users of the popular social networking sites MySpace and Facebook as well as panic-inducing "bank failure spam" intending to capitalize on the current financial crisis. "Scareware" programs also spread rapidly, while election-related spam soared, with Senator Obama easily defeating his opponent in terms of spam popularity. More detailed information follows, and the entire report can be accessed at http://www.securecomputing.com/pdf/SCC-InternetThrtRprt-Oct08.pdf
Q3 Spam Trends Statistics & Analysis
Spam volume returned to record highs in Q3 with fairly steady monthly increases throughout the summer. The acquisition of innocent machines via email and Web-based infections continued in Q3, with over 5,000 new zombies created every hour. The United States continued its role as the largest originator of spam messages, nearly doubling its worldwide share from 16.6% in Q2, 2008 to 32.1% in Q3. The Q3 report further discusses the following topics in detail:
-- Q3 saw the emergence of "Breaking News" spam as a new vehicle that enticed readers to click for breaking news flashes with interesting and provocative headlines. -- Misguided "Delivery Status Notifications" made a strong resurgence onto the "Most Common Spam" list. -- Spammers continue to leverage election topics to lure users. After the second presidential debate on October 7th, Obama gained popularity among spammers, and over 80% of election-related spam currently bears his name. -- Secure Computing's TrustedSource Labs estimates the number of worldwide U.S. election-related spam email to be approximately 100 million messages per day.
Malware Statistics and Analysis
-- The United States and China dominate the world in the number of hosted Websites which distribute malware, with nearly 60% of all malware-infected URLs served from these two countries. In terms of phishing attacks, the United States and the Netherlands host nearly 60% of all URLs used. -- Phishing attacks spiked significantly following the announcements of various bank failures in late September. While there was no strong trend towards using any one specific bank or bank failure, overall increases in phishing activity in the days following each major announcement were recorded. -- Previously, successful SQL injection attacks on legitimate Websites included links directing users to one of a few dozen or so malicious sites. This summer, however, more attacks were launched where each infected page included a link to a unique and individualized malicious site (a 1-to-1 infection/attack ratio). -- A large increase in the number of heavily promoted phony malware/spyware removers or "scareware" occurred at the end of the quarter. Secure research expects this to be an increasing problem that will rapidly evolve to a greater level of sophistication.
Predictions Moving Forward
Secure Computing Research offered the following predictions for the rest of the year and into 2009:
-- During the '06 holiday season, mail volumes reached a record 100 billion daily messages. As we enter the '08 season, we're over 200 billion messages. Secure predicts a 25% increase in Q4, and new records for mail and spam volumes. -- As the global financial crisis continues, criminals will take advantage of the panic and fear among consumers and increase their targeted phishing attacks substantially. -- With upcoming holiday spam increases combined with the mounting use of blended threats, spammers will increasingly use the lure of free coupons and gift cards. -- Today, most malware attacks are financially motivated and target end- users. In the coming year, we believe there is a greater likelihood of attacks meant to manipulate public opinion in order to exploit the stock market. -- Going into 2009 and beyond, politically motivated attacks will become more widespread, such as attacks on national cyber infrastructure by hackers. Denial-of-Service and Website compromise attacks against key government and economic cyber resources of Estonia and Georgia were foreshadowing things to come. -- In 2009, Web attack toolkits will add new target platforms to their arsenal of "supported" targets. The iPhone is one such candidate, as are "Web 2.0" social platforms such as Facebook and MySpace. As the popularity of these platforms increase, the likelihood of them being targeted rises as well. -- By the end of 2009, about half of all Web-borne malware will likely be hosted on compromised legitimate Websites as it becomes increasingly difficult for criminals to purchase malware hosting services from companies that once looked the other way.
Over the course of Q3 the TrustedSource reputation system was able to identify over 600 new Websites that have been deployed and tagged with a malicious reputation prior to serving any malicious content. Identifying these Websites proactively through the use of traffic analysis and examination of historical connections to criminal individuals or networks is now essential as they are increasingly used to deploy zero-day/zero-hour malware code that is not detected by the traditional signature-based, anti-malware products.
Secure Computing researchers recommend that both enterprises and consumers assure their software and patches are up-to-date, and that they implement a multi-layered approach to preemptively detect and block attacks. Appliances utilizing Secure Computing's advanced TrustedSource global reputation system and Secure Web Anti-Malware detection technology put organizations a giant step ahead of others both in protecting against existing threats, and new malware or variants.
The Q3 Internet Threats Report is available for download at: http://www.securecomputing.com/pdf/SCC-InternetThrtRprt-Oct08.pdf. For more information about TrustedSource, Secure Web and other Secure Computing technologies, products and solutions, please visit www.securecomputing.com.
About Secure Computing Corporation
Secure Computing Corporation (NASDAQ: SCUR), a leading provider of enterprise gateway security, delivers a comprehensive set of solutions that help customers protect their critical Web, email and network assets. Over half the Fortune 50 and Fortune 500 are part of our more than 22,000 global customers, supported by a worldwide network of more than 2,000 partners. The company is headquartered in San Jose, Calif., and has offices worldwide. For more information, see http://www.securecomputing.com.
All product names and trademarks are the property of their respective firms.
This press release may contain forward-looking statements which are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Investors are cautioned that these forward-looking statements involve risks and uncertainties that could cause actual results to differ materially from current expectations. For example, there can be no assurance that demand for the company's products will continue at current or greater levels, or that the company will continue to grow revenues, or be profitable, or that the company will be able to motivate and retain key employees, staff current and future projects in a cost-effective manner, or effectively control its marketing, research, development and administrative costs. There are also risks that the company's pursuit of providing network security technology might not be successful, or that if successful, it will not materially enhance the company's financial performance; that changes in customer requirements and other general economic and political uncertainties and weaknesses in geographic regions of the world could impact the company's relationship with its customers, partners and alliances; and that delays in product development, competitive pressures or technical difficulties could impact timely delivery of next-generation products; and other risks and uncertainties that are described from time to time in our periodic reports filed with the Securities and Exchange Commission. The company specifically disclaims any responsibility for updating these forward-looking statements.
Ally Zwahlen Secure Computing Corporation 925-288-4175 Email Contact Paula Dunne Contos Dunne Communications LLC 408-776-1400; 408-893-8750 cell Email Contact
SOURCE: Secure Computing