Cutwail Bounces Back From Near Death Experience; Instant Messaging Malware on the Rise and Threats Increasingly Target Healthcare Industry

CUPERTINO, CA -- (Marketwire) -- 06/29/09 -- Symantec Corp. (NASDAQ: SYMC) today announced the publication of its June 2009 MessageLabs Intelligence Report. Analysis highlights that spam levels were unchanged since May at 90.4 percent largely due to the several hours of downtime experienced by Cutwail, one of the largest and most active botnets, following the shutdown of California-based ISP, Pricewert LLC (also known as 3FN and APS Telecom) on June 5, 2009. Also in June, MessageLabs Intelligence identified 1 in 78 IM-based hyperlinks point to malicious websites.

"Cutwail’s recovery to one-third of its original levels, after only a few hours, highlights the progress spammers have made since the McColo shutdown in November," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. "Spammers have learned the importance of having a backup for command and control channels."

Spam from botnets accounted for 83.2 percent of all spam in June. The remainder is sent from compromised mail servers and webmail accounts. The image spam MessageLabs Intelligence reported on in May became more sustained in June accounting for eight to ten percent of all spam. The newest iterations originate from botnets, contain background noise patterns and are delivered as an email attachment rather than hosted remotely.

In June, MessageLabs Intelligence found that 1 in 405 Instant Messages contained a hyperlink of which 1 in 78 were linked to websites hosting malicious content, an increase of .78 percent over the past six months. At the end of 2008, MessageLabs Intelligence had identified that 1 in 200 hyperlinks shared over public IM applications were malicious. At the current rate, 1 in 80 IM users may expect to receive a malicious instant message each month.

By August 17, 2009, the deadline imposed by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) are required to issue interim final regulations regarding data breach notification and safeguard requirements for personal health records and certain other consumer health information. The HITECH Act was enacted as part of the American Recovery and Reinvestment Act of 2009.

"As millions of government dollars are currently being invested in the digitization and protection of personal health records, medicine and technology are more intersected than ever," Wood said.