Symantec Corp. today announced the publication of its March 2010 MessageLabs Intelligence Report. Analysis of the origins of targeted attacks (malicious emails sent in small volumes and aimed at gaining access to sensitive corporate data) reveals that, based on mail server location, the majority of targeted malware sent this month originated in the United States (36.6 percent). When analysed by sender location, however, more targeted attacks actually originated in China (28.2 percent), Romania (21.1 percent) and the United States (13.8 percent).
“When considering the true location of the sender rather than the location of the email server, fewer attacks are actually sent from North America than it would at first seem,” said Paul Wood, MessageLabs Intelligence Senior Analyst. “A large proportion of targeted attacks are sent from legitimate webmail accounts which are located in the US, and therefore the IP address of the sending mail server is not a useful indicator of the true origin of the attack. Analysis of the sender’s IP address, rather than the IP address of the email server, reveals the true source of these targeted attacks.”
While the most common file types attached to all malicious emails were .XLS and .DOC, the most dangerous file type identified was the encrypted .RAR file, a proprietary compressed archive format. .XLS and .DOC file types each accounted for 15.4 percent of file attachments to email in March, and the top four most common file types (.XLS, .DOC, .ZIP and .PDF) accounted for 50 percent of files attached to emails. Encrypted .RAR files accounted for approximately 1 in 312 (0.32 percent) malicious files attached to emails in March. Although a relatively uncommon file type, it is compromised 96.8 percent of the time when attached to an email.
The .EXE file type is the most likely to cause suspicion of being compromised when attached to an email. However, in March executable file types accounted for 6.7 percent of files attached to email and were found to be compromised 15 percent of the time. Although a great number of malicious emails use the most common file extensions (.XLS, .DOC, .ZIP and .PDF) as attachments, these file types are more often included as attachments to emails that are safe.
The March 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx