Aggressive strains of generic polymorphic malware accounted for approximately 72% of all email-borne malware in September 2011, according to the September 2011 Symantec Intelligence Report.
The polymorphic malware, first identified in the July Symantec Intelligence Report, accounted for 23.7% and 18.5% of all email-borne malware in July and August, respectively.
Symantec.cloud senior intelligence analyst Paul Wood said this unprecedented high-water mark underlines the nature by which cyber criminals have escalated their assault on businesses in 2011, fully exploiting the weaknesses of more traditional security countermeasures.
The global ratio of email-borne viruses in email traffic was one in 188.7 emails (0.53%) in September, an increase of 0.04 percentage points since August 2011.
The report found the social engineering behind many of these attacks has also accelerated, with the adoption of a variety of new techniques such as pretending to be an email from a smart printer/scanner being forwarded by a colleague in the same organisation.
"The idea of an office printer sending malware is perhaps an unlikely one, as printers and scanners were not actually used in these attacks, but perhaps this sense of security is all that is required for such a socially engineered attack to succeed in the future," Wood said.
Although spam levels remained fairly stable during September, the Symantec report observed the use of identified vulnerabilities in certain older versions of the popular WordPress blogging software on a large number of Web sites across the Internet.
However, blogs hosted by WordPress themselves seem to be unaffected, the report added.
The global ratio of spam in email traffic declined to 74.8%, a decrease of 1.1 percentage points when compared with August 2011, while phishing email activity diminished by 0.26 percentage points (one in 447.9 emails) since August 2011.
The report also reveals that spammers and malware authors are increasingly using JavaScript as popular programming language, which is increasingly used to conceal where spammers are redirecting, and in some cases, also to conceal entire Web pages.
"For spammers, hosting simple JavaScript obfuscation pages on free hosting sites can increase the lifetime of that site before the site operator realises the page is being used for malicious activity," Wood said.
"JavaScript is popularly used for redirecting visitors of a compromised Web site to the spammers landing page. While some of these techniques have been common in malware distribution for some time, spammers are increasingly using them."
Symantec Intelligence identified an average of 3,474 Web sites each day harbouring malware and other potentially unwanted programmes including spyware and adware; an increase of 1% since August 2011.
The most frequently blocked malware for the last month was W32.Sality.AE, a virus that spreads by infecting executable files and attempts to download potentially malicious files from the Internet.
In terms geographies, Saudi Arabia remained the most spammed country with a spam rate of 84%, followed by Russia. The spam levels in the UK were at 75.5%.
South Africa is the most targeted geography in terms of phishing with one in 133.1 emails identified as phishing, while UK remains the second most targeted country with one in 221.1 emails identified as phishing attacks.
Phishing levels for the US were one in 985.9 and one in 317.6 for Canada, while in Germany phishing levels were one in 1,125, one in 1,071 in Denmark and one in 377.2 in The Netherlands.
Email-borne malware attacks were most prevalent in Hungary, with one in 111.2 emails, while Switzerland was the second most geography under fire in September, with one in 128.2 emails was identified as malicious. In the UK one in 129.9 emails was blocked as malicious.
Virus levels for email-borne malware reached one in 224.8 in the US and one in 164.8 in Canada.
The Automotive industry sector remained as the most spammed industry sector, with a spam rate of 77.8%, followed by Education sector (77.2%), Chemical & Pharmaceutical sector (74.6%), and IT Services (74.4).
The Public Sector remained the most targeted by phishing activity in September, with one in 125.8 emails comprising a phishing attack.
