Symantec.cloud Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. Symantec.cloud Intelligence publishes a range of information on global security threats based on live data feeds from more than 15 data centers around the world scanning billions of messages and Web pages each week. Team Skeptic™ comprises many world-renowned malware and spam experts, who have a global view of threats across multiple communication protocols drawn from the billions of Web pages, email and IM messages they monitor each day on behalf of 31,000 clients in more than 100 countries. More information is available at www.messagelabs.com/intelligence
The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this combined report includes data from May and June 2011.
Symantec Intelligence Report: June 2011 highlights:
- Spam — 72.9% in June;
- Phishing — One in 330.6 emails identified as phishing;
- Malware — One in 300.7 emails in June contained malware;
- Malicious Web sites — 5,415 Web sites blocked per day;
- 35.1% of all malicious domains blocked were new in June;
- 20.3% of all Web-based malware blocked was new in June;
- Review of Spam-sending botnets in June 2011;
- Clicking to Watch Videos Leads to Pharmacy Spam;
- Wiki for Everything, Even for Spam;
- Phishers Return for Tax Returns;
- Fake Donations Continue to Haunt Japan;
- Spam Subject Line Analysis;
- Best Practices for Enterprises and Users;
To download Symantec Intelligence Report: June 2011 full report, visit the following link: SYMCINT_2011_06_June_FINAL-EN.pdf (1.3MB).
Below I want to quote the best practice guidelines for users and consumers presented in this report Symantec Intelligence Report: June 2011:
- Protect yourself. Use a modern Internet security solution that includes the following capabilities for maximum protection against malicious code and other threats:
- Antivirus (file and heuristic based) and malware behavioral prevention can prevents unknown malicious threats from executing;
- Bidirectional firewalls will block malware from exploiting potentially vulnerable applications and services running on your computer;
- Intrusion prevention to protection against Web-attack toolkits, unpatched vulnerabilities, and social engineering attacks;
- Browser protection to protect against obfuscated Web-based attacks;
- Reputation-based tools that check the reputation and trust of a file and Web site before downloading;
- URL reputation and safety ratings for Web sites found through search engines;
- Keep up to date. Keep virus definitions and security content updated at least daily if not hourly. By deploying the latest virus definitions, you can protect your computer against the latest viruses and malware known to be spreading in the wild. Update your operating system, Web browser, browser plug-ins, and applications to the latest updated versions using the automatic updating capability of your programs, if available. Running out-ofdate versions can put you at risk from being exploited by Web-based attacks.
- Know what you are doing. Be aware that malware or applications that try to trick you into thinking your computer is infected can be automatically installed on computers with the installation of file-sharing programs, free downloads, and freeware and shareware versions of software.
- Downloading “free” “cracked” or “pirated” versions of software can also contain malware or include social engineering attacks that include programs that try to trick you into thinking your computer is infected and getting you to pay money to have it removed.
- Be careful which Web sites you visit on the Web. While malware can still come from mainstream Web sites, it can easily come from less reputable sites sharing pornography, gambling and stolen software.
- Read end-user license agreements (EULAs) carefully and understand all terms before agreeing to them as some security
- Use an effective password policy. Ensure that passwords are a mix of letters and numbers, and change them often. Passwords should not consist of words from the dictionary. Do not use the same password for multiple applications or Web sites. Use complex passwords (upper/lowercase and punctuation) or passphrases.
- Think before you click. Never view, open, or execute any email attachment unless you expect it and trust the sender. Even from trusted users, be suspicious.
- Be cautious when clicking on URLs in emails, social media programs even when coming from trusted sources and friends. Do not blindly click on shortened URLs without expanding them first using previews or plug-ins.
- Do not click on links in social media applications with catchy titles or phrases even from friends. If you do click on the URL, you may end up “liking it” and sending it to all of your friends even by clicking anywhere on the page. Close or quit your browser instead.
- Use a Web browser URL reputation solution that shows the reputation and safety rating of Web sites from searches. Be suspicious of search engine results; only click through to trusted sources when conducting searches, especially on topics that are hot in the media.
- Be suspicious of warnings that pop-up asking you to install media players, document viewers and security updates; only download software directly from the vendor’s Web site.
- Guard your personal data. Limit the amount of personal information you make publicly available on the Internet (including and especially social networks) as it may be harvested and used in malicious activities such as targeted attacks, phishing scams.
- Never disclose any confidential personal or financial information unless and until you can confirm that any request for such information is legitimate.
- Review your bank, credit card, and credit information frequently for irregular activity. Avoid banking or shopping online from public computers (such as libraries, Internet cafes, etc.) or from unencrypted Wi-Fi connections.
- Use HTTPS when connecting via Wi-Fi networks to your email, social media and sharing Web sites. Check the settings and preferences of the applications and Web sites you are using.
0 comments: (+add yours?)
Post a Comment
Note: Only a member of this blog may post a comment.