October 02, 2009 MALWARE,PHISHING

Two months running: Overall spam and virus levels decline

For the second month running, the level of spam and viruses has dropped, as the US and Brazil continue being the primary sources, according to managed security firm, Network Box.

Analysis of Internet threats by Network Box in September 2009 shows that although the overall volume of spam and viruses has dropped slightly, viruses from Brazil have risen by two percent and China has replaced Korea as the third largest source of spam – its levels rising by just one percent in September.

Brazil returns as the world’s number one source of viruses with 16.4 percent of viruses coming from the country, beating the US by 4.6 percent and Korea by a massive 10.4 percent.

Although Brazil tops the spam charts, levels of spam originating from Brazil dropped by 1.6 percent in September. Levels of Spam from the US have also dropped by 1.10 percent.

Phishing attacks, however, remain consistently high at 33.2% of all viruses.

The Network Box global Alert Condition, however, remains at Level 2 for the second consecutive month. While this alert condition continues to be the lowest in nine months, it indicates that Network Box is seeing only limited virus/worm activity, with no major unexploited vulnerabilities or threats.

Mark Webb-Johnson, CTO of Network Box Corporation, says, “Worryingly, phishing attacks remain high, indicating that many Internet users – both corporations and individuals – are still being compromised. We are still concerned about the SMB2 vulnerabilities affecting Vista and Windows Server 2008 (Microsoft Security Advisory 975497) and are keeping a very close eye on how this develops.”

Simon Heron, Internet Security Analyst for Network Box adds: “The proportion of phishing attacks suggests that this is proving to be a successful tactic and it can be see that the exploits are becoming increasingly sophisticated. So, IT departments should take this opportunity as people are back from holiday to repeat their warnings about phishing, make themselves aware of the threat and ensure their defence are fully updated.”