Sophos Security Threat Report 2012 Identifies Decline in Fake Antivirus Threats, but Increase in Infected Websites

Popular security firm Sophos has published its annual security report, which analyzes the major security trends of the year gone by. The latest report dives into the various security threats that we witnessed in 2011.

Sophos dubbed 2011 the year hacking evolved from being a way to steal money to a form of protest. The first year of the new decade witnessed Anonymous and its offshoot LulzSec capture public imagination and dominate headlines. It also saw an increase in data theft, drive-by infections, and malware for Mac.

The full report, which spans 31 pages, is available for download or online viewing from Sophos’ website. Here are some of the key takeaways.

  • Since 2005, security breaches have compromised more than 500 million U.S. records alone.
  • In 2010, the costs of a data breach reached $214 per compromised record, and averaged $7.2 million per data breach event.
  • More than three years after its initial release, the Conficker worm was still the most commonly encountered piece of malicious software, representing 14.8% of all infection attempts seen by Sophos customers in the last six months.
  • There has been a sharp decline in the threat posed by fake antivirus products, but they were still responsible for 5.5% of infections in the last six months of 2011.
  • As a result of the Rustock botnet shutdown (previously responsible for the largest volume of spam), there was an immediate drop of about 30% in global spam volumes in March 2011. Unfortunately, Sophos Labs also witnessed an increase in the volume of spam with attached malware.


  • According to Sophos Labs, more than 30,000 websites are infected every day and 80% of these infected sites are legitimate. Eighty-five percent of all malware, including viruses, worms, spyware, adware and Trojans, comes from the web. Today, drive-by downloads have become the top web threat. And in 2011, we saw one drive-by malware rise to number one, known as Blackhole.
    About 10% of detections are exploit sites, about two-thirds of which are Blackhole sites.


  • 2011 saw the emergence of Mac malware as a genuine threat. Fake antivirus schemes such as MacDefender, Mac Security, MacProtector and MacGuard all came to light this year.


  • Windows may be the most attacked OS, but the primary vectors for hacking Windows have been through PDF or Flash.

Windows 8 App Store Revealed by Leaked Screenshots

A Chinese website has leaked a couple of screenshots, which allegedly show the Windows App Store in action. While it is prudent to take any leaked information with a pinch of salt, it’s pretty safe to bet that Windows 8 will include an app store. Back in June 2010, we had stated as much, based on leaked confidential information. The new screenshots are also consistent with the ones leaked (and ridiculed) on the Neowin forums. Moreover, almost every other desktop operating system of note (Mac and Ubuntu) already has an inbuilt application repository.


To be honest, the Windows 8 app store appears to be a mash up of Windows Media Player and the Mac App Store. It will include free and paid content from a large number of third party developers. What is unclear at this moment is whether automatic update for all applications, which has been a long standing demand of Windows users and developers, will also be included.


The other point of interest is the name of the app store. In the screenshots leaked by Neowin, the software center is titled “Windows App Store”. If that is indeed the actual name, one can bet that Apple won’t be too pleased about it. Apple believes that it owns the trademark for “App Store”, and is already suing Amazon.


As we get closer and closer to the public beta of Windows 8, expect the volume of leaks to steadily increase. In fact, the Chinese website believes that the app store is almost ready, and will be made available to beta testers soon.


Update: Bad news folks. The leaked screenshots have been confirmed to be fake.

SMSAssassin: Crowd Sourced SMS Spam Filter Developed by Students in India

Email spam might be dropping, but that doesn’t mean that spam is about to go away. It’s just that the spammers have found new, and possibly more fruitful, vehicles for spreading junk. This includes search engines, Twitter, and of course, SMS. In spite of the establishment of the NDNC (National Do Not Call) registry, SMS spam is rapidly increasing in India. I personally consider SMS spam to be much more of a nuisance than email spam, simply because, although there are sophisticated spam filters available to tackle email spam, when it comes to SMS spam we are mostly helpless. Manual blacklisting of repeat offenders is the best most of us can do.

For separating spam from ham, most email filters utilize two techniques:

  • Heuristic Approach: The software learns to distinguish spam from experience by learning from the content of already processed messages.
  • Bayesian Approach: It’s a statistical approach that employs a probabilistic model to determine if a message is spam, based on pre-defined classifiers.

Unfortunately, these methods alone are not very effective when it comes to tackling SMS spam. The short length of messages, coupled with the use of abbreviations and vernacular languages, makes it very tough for machine learning algorithms to work with acceptable accuracy.

Now, a team of students at the Indraprastha Institute of Information Technology (Delhi) is trying to tackle this problem by employing the intelligence of the crowd. The team, led by Dr. Ponnurangam Kumaraguru, includes Vinayak Naik, Kuldeep Yadav, Atul Goyal, Ashish Gupta, Dipesh Kumar Singh, and Rushil Khurana.

For developing the initial proof-of-concept, the team ran an incentivized crowd-sourcing scheme in the IIIT-D campus (organized through Facebook) to collect sample spam messages. Pictured below is the tag cloud of the initial database of 4,318 messages, out of which nearly half were spam.

Tag Cloud for SPAM (left) and HAM (right)

Some of the interesting observations made by the team from the initial training set are:

  • Almost all messages including a URL are spam.
  • Certain special characters like /’ are frequently present in spam messages.
  • Typically, the word count of spam messages is higher. Also, the average word length in legitimate messages is shorter due to the presence of abbreviations.

SMSAssassin Architecture

For spam filtering, the research group explored two techniques: Bayesian and SVM (support vector machine). SVM is a supervised machine learning technique commonly used for classification. With SpamAssassin, the Bayesian approach yielded lower than desired accuracy in spam classification; however, SVM was too computationally heavy for low and mid-range mobile devices, and it had a lower success rate in classifying ham. Dr. Ponnurangam’s team is currently working on an online module that will run a pre-trained SVM-based classifier on the server and pass the results on to the app.
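The Bayesian approach described above, with the cues from the team's observations (URL presence, message length, short abbreviated words) folded in as marker tokens. This is an added example, not SMSAssassin's code; the thresholds, marker names and training messages are constructed assumptions.

```python
import math
import re
from collections import Counter

URL_RE = re.compile(r"(https?://|www\.)\S+", re.I)

def features(msg):
    """Word tokens plus marker tokens for the cues the team observed."""
    words = msg.split()
    toks = [t for t in (w.lower().strip(".,:!?") for w in words) if t]
    if URL_RE.search(msg):
        toks.append("__HAS_URL__")          # URLs almost always meant spam
    if len(words) > 12:                     # assumed cut-off for a "long" SMS
        toks.append("__LONG_MSG__")
    if words and sum(map(len, words)) / len(words) < 4:  # assumed cut-off
        toks.append("__SHORT_WORDS__")      # abbreviation-heavy, typical of ham
    return toks

class NaiveBayes:
    def __init__(self, training):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()
        for msg, label in training:
            self.docs[label] += 1
            self.counts[label].update(features(msg))

    def spam_probability(self, msg):
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        log_score = {}
        for label, counts in self.counts.items():
            total = sum(counts.values())
            s = math.log(self.docs[label] / sum(self.docs.values()))
            for tok in features(msg):       # Laplace smoothing for unseen tokens
                s += math.log((counts[tok] + 1) / (total + vocab))
            log_score[label] = s
        top = max(log_score.values())       # normalise in log space
        odds = {k: math.exp(v - top) for k, v in log_score.items()}
        return odds["spam"] / (odds["spam"] + odds["ham"])

# Constructed training messages, not taken from the IIIT-D data set.
TRAIN = [
    ("Congratulations! You have won a free holiday package. Claim now at http://example.com/win before the offer expires today", "spam"),
    ("Get instant personal loan at lowest interest rates. Apply now at www.example.org and get approval in 24 hours", "spam"),
    ("Exclusive offer: buy 1 get 1 free on all branded shoes. Visit http://example.net/sale now. Offer valid till Sunday only", "spam"),
    ("r u cmg 2 class 2day", "ham"),
    ("ok c u at 5 pm", "ham"),
    ("call me wen u r free", "ham"),
]
```

With only six training messages the output illustrates the mechanics, not the accuracy figures the team reported.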

SMSAssassin Accuracy

A Symbian app, which will offer full-featured spam protection on mobile phones with or without a data connection, is currently in the final stages of development. The choice of Symbian as the launch platform might surprise some; however, the decision was likely inspired by the ground situation in India. Nokia still has a significant presence in India, and it dominates the mid-range segment. In terms of volume, I suspect Android is still quite far behind Symbian. That being said, an Android app is planned, and will possibly be released later in the summer. In the meantime, you can check out the research paper to get a better understanding of the underlying technology.

Vaseline Launches Facebook App to Make You Appear Fairer

Vaseline, a popular cosmetics brand owned by Unilever, has launched a new Facebook app that will retouch your photographs in order to make you appear fairer. The app is mainly targeted at Indians and is promoting a new cosmetic product for men from Vaseline.

Indians are well known for their despicable obsession with fairness. The sad reality is that not being fair is still considered to be a disadvantage by most sections of the population. In such an environment, it’s not surprising that fairness creams and lotions continue to sell like hot cakes.

The Vaseline Men page also includes several fashion tips for men, with new ones being added regularly. Pankaj Pariha, the man behind the campaign, claims that the response to the entire Vaseline Men campaign “has been pretty phenomenal”. The application currently has close to 9,000 active users.

Origin of Skin Colour

It is probably unfair to pick on Vaseline alone. It’s not doing anything or suggesting anything that hasn’t been done or said before. Television advertisements for similar products from competitors are still getting away with suggesting that having a fair skin complexion is essential for getting jobs or getting married. The real problem is a lot more than skin deep. The real problem lies within the society itself. And until we change our attitudes, blaming a commercial company tending to the demands of the market won’t get us far.