Messaging and Web security firm MessageLabs has released its annual report on the state of the online “threat landscape,” with figures and forecasts that, while sad, hardly come as a surprise.
The 2006 Annual Security Report (PDF) finds that 86.2 percent of all email on the Internet is now spam (a figure even higher than Postini's October assessment that 80 percent of email is spam), with botnets—legions of Windows machines infected by software controlled remotely by spammers—accounting for 80 percent of all spam in circulation. MessageLabs found that 63.4 percent of spam came from new and unknown sources, making the use of DNS blacklists to block spam increasingly ineffective, and that so-called “geek spam”—spam messages festooned with technical terms and buzzwords to get past language filters—is emerging as a new development.
Phishing attacks—messages and sites which attempt to dupe Internet users out of personal and financial information—grew in 2006 and now account for one in every 274.2 email messages and 24.8 percent of all malicious email messages intercepted by MessageLabs during the year, rising sharply from 10.6 percent in January to 68.6 percent by the end of the year. In 2004, phishing attempts accounted for only 13.1 percent of malicious email messages intercepted by the company.
Some good news: MessageLabs found that 2006 was a surprisingly low-key year for viruses, with the January 2006 emergence of the Kama Sutra worm being the only major outbreak of the year.
Looking forward to 2006, MessageLabs foresees spam, viruses, and spyware further converging, with cybercriminals eschewing viruses and sending more malicious email messages containing links that slip past email filtering software and lead to software and sites that can infect unprotected computers. Spam will also become more targeted, with “geek spam” expanding to financial and legal sectors.
MessageLabs also predicts an increase in “ransomware”—malicious software which encrypts a user’s key files and documents and offers to unlock them only when an online criminal is paid—and an increase in worms targeting Apple’s Mac OS X.