Date published: 01.09.08 - not release date

New report reveals 20 billion spam emails are targeted at UK computer users every day

PRESS RELEASE - under embargo 00:01 Monday 3rd December
Editorial note: Any use of these statistics needs to be accredited to IronPort Systems.



For more info, contact: Paul Doran / 0207 8199333 / paul@switchcoms.com



New report reveals UK computer users are now number three on the global hit list for spam gangs

20 billion messages sent to UK every day, a 100% increase on 2006



IronPort has today released the finding of it annual report on Spam Virus trends of 2007 and predictions for 2008



London, UK: 3rd December 2007 – IronPort Systems has today announced the availability of its 2008 Internet Security Trends Report. The IronPort report highlights the key security trends of today and suggests ways to defend against the sophisticated new generation of Internet threats certain to arise in the future.


Key highlights

·120 billion spam messages are sent every day worldwide

·20 billion spam messages are targeted at the UK every day

·98% of all e-mail traffic is now spam

·UK on-line Christmas shopping to be targeted

·In 2008 social network sites will become prime source of personal data for spam gangs to target UK



Amateur Hour is Over – spam is now a $200 billion business
“2007 marks a turning point for threats in the UK. Just when malware design seemed to have reached a plateau, new attack techniques have emerged, some so complex – and obviously not the work of amateurs – they could have only been designed by means of sophisticated research and development,” said Jason Steer, European Product Manager, IronPort. “For a time, security controls designed to manage malware were working. But, as a result of this success, the threats they protected against were forced to change. In 2007, many of these threats underwent significant adaptation. Malware went stealth, and the sophistication increased.


Information is the New World Currency
Spam, virus and malware attacks are costly. The average UK computer user spends 5-10 minutes dealing with spam every day. Clean up cost are estimated at $500 per computer. An estimated 60 million people have had data about themselves exposed over the past 13 months, and there has been an estimated 20 Billion dollars spent in clean-up costs and lost productivity worldwide. In addition, 48 percent of organisations do not have a policy for notifying customers when their private data may be at risk.



Looking Ahead: Social Malware

Modern malware borrows characteristics from the social networking and collaboration sites such as FaceBook and Myspace. The newest threats like the Storm Trojan are collaborative, adaptive, work between two computers and are intelligent. It flies under the radar, living on PCs for months or years without detection. The old attitude of "what I can't see won't hurt me" is no longer valid.



Additional Findings and Statistics

The overall trends in spam and malware can be characterised by a larger number of more targeted, stealthy and sophisticated attacks. Specific observations include:



· Spam volume increased 100 percent, to more than 120 billion spam messages daily. That’s about 20 spam messages per day for every person on the planet. IronPort measurements have shown that enterprise users get anywhere from 100 to 1,000 spam messages per day.

· Spam has become less focused on selling product, more focused on growing spam networks. Earlier versions of spam attacks were primarily selling some type of product (pharmaceuticals, low interest mortgages, etc. However, today’s spam includes an increasing amount of links that point to web sites distributing malware. This malware is often designed to further extend the size and scale of the bot network that originated the spam in the 1st place. During 2007, IronPort’s Threat Operations Centre measured a 253% increase in “dirty spam” that contained links that pointed to known malware sites. This is further evidence of the trend that malware writers are using both e-mail and web technologies blended together to propagate threats.

· Viruses are less visible, but increasing in number. Virus writers have evolved from the previous mass distribution attacks such as netsky and bagel viruses. In 2007 viruses where much more polymorphic, and typically associated with the proliferation of very sophisticated bot networks such as "feebs" and "storm". In one week alone, the IronPort Threat Operation Centre detected more than 6 variants of the Feebs virus, each of which began spreading exponentially before signatures could be created.

The duration of a particular attack technique decreased substantially. In previous years, spammers would use a typical technique, such as the use of embedded images, for months. More recent techniques such as MP3 spam lasted only 3 days. But there are more of these smaller attacks. Where as in 2006 image spam was the primary new technique, 2007 saw more than 20 different attachment types used in different, short-lived attack techniques.


The report (ONCE LIVE ON MONDAY) in its entirety can be found at http://www.ironport.com/securitytrends/



HOW UK USERS CAN STAY SAFE THIS CHRISTMAS

Stay safe using e-mail, web browsing and on-line Christmas shopping

1) Don't Open
Whenever possible, do not open spam messages. Frequently spam messages include software that enables the spammer to determine how many, or which, e-mail addresses have received and opened the message. A suspicious e-mail is almost always spam.

2) Don't Respond
The best way to deal with e-mail messages from unknown or suspicious addresses is to delete them, or allow your spam filter to quarantine them. If you respond to a spam message, even asking to be removed from their list, you'll have confirmed to the sender that they have indeed reached a valid e-mail address and your inbox may become the target of even more spam. If you are unsure whether a request for personal information from a company is legitimate, contact the company directly or type the website URL directly into your browser.

3) Don't Click
If you click on a link (even an "unsubscribe" link) offered in a spam message, you may infect your computer with spyware or a virus. Instead, delete the e-mail immediately. If a message that appears to be from your bank, credit card company, eBay, Paypal, or others requests that you to click through to validate account details—don't. They already have your account details, so validation or confirmation should not be necessary. Simply delete the message. If you have questions about an e-mail from a familiar organisation, contact them by phone.

4) Don't Buy
Spam exists because it's profitable. It costs almost nothing for a spammer to send a million messages. If even one in that million people buy something, they're making money. Take the profit out of spam. Never purchase anything from spammers. Tell your friends and family to do the same—no matter how good the offer looks.

5) Don't Use Your Primary Email Address
Using your primary e-mail address anywhere on the Web puts it at greater risk of being picked up by spammers. Use a secondary or temporary account for online transactions.

6) Don't Believe Everything You Read
Forwarded warning emails and chain letters are more prevalent during the holiday season. Spammers will harvest good e-mail addresses from these forwarded messages. After a few generations, many of these letters contain 100's of good e-mail addresses. Consequently, people who were worried about the "missing girl" or the "desperate refugee" find themselves not only passing on a hoax, but also the recipients of more spam.

7) Do Use a Temporary or One-Time Use Credit Card
When in doubt; use a temporary or a one-time use credit card. Most major banks can provide these types of cards to help avoid abuse.

8.) Sign up for identify theft protection

Most identify theft protection provides a.) personal credit report compiled with data from the three major credit reporting agencies: Equifax, Experian, and TransUnion, so you can review your credit history and verify it is current and accurate; b.) monitors your credit daily; c.) alerts you to any account openings in your name, inquiries into your credit files and sends notification if any negative information is added to your credit records; d.) helps you monitor and correct any errors in your credit file and ultimately provides insurance for any fraud.

9) Do Make Sure Your ISP or Company Has Spam, Virus and Spyware Protection
Spam emails are very often connected with viruses, so it's critical to have both anti-spam and anti-virus protection. Spam messages often include links to websites with spyware or malware. Check with your ISP or IT department to make sure you have adequate security against these kinds of threats. Having spam, virus and Web-based malware protection at the gateway can make a significant difference.

10) Do Use Your Common Sense
If it looks like spam, it probably is. Delete it.



- Ends -



For more info, contact:

Paul Doran

0207 8199333

paul@switchcoms.com



About IronPort Systems

IronPort Systems, headquartered in San Bruno, California, is a business unit of Cisco Systems, Inc.. IronPort Systems is the leading provider of anti-spam, anti-virus and anti-spyware appliances for organisations ranging from small businesses to the Global 2000. IronPort appliances utilise SenderBase®, the world's largest e-mail and Web threat detection network and database. IronPort products are innovative and easy-to-use – providing breakthrough performance and playing a mission-critical role in a company's network infrastructure. To learn more about IronPort Systems products and services, please visit: http://www.ironport.com/.


Copyright © 2007 Cisco IronPort Systems, LLC All rights reserved. IronPort, the IronPort logo and SenderBase are registered trademarks of Cisco IronPort Systems, LLC. All other trademarks are the property of Cisco IronPort Systems, LLC or their respective owners. While every effort is made to ensure the information given is accurate, IronPort does not accept liability for any errors or mistakes which may arise. Specifications and other information in this document may be subject to change without notice.