Security Incidents mailing list archives

RE: Decrease in Threats?

From: "James C Slora Jr" <Jim.Slora () phra com>
Date: Wed, 25 Jan 2006 19:53:26 -0500

I have seen a big drop im mail-based threats since the latest Sober petered
out, but the background volume of non-Sober infected messages has remained
pretty steady.

Here are infected incoming message counts for the past 12+ months:
        2005-01 - 4487
        2005-02 - 3699
        2005-03 - 2247
        2005-04 - 2038
        2005-05 - 80393
        2005-06 - 3161
        2005-07 - 2307
        2005-08 - 2753
        2005-09 - 2238
        2005-10 - 2812
        2005-11 - 163945
        2005-12 - 233257
        2006-01 (so far) - 10780

My spikes in 2005-05 and 2005-11 thru 2006-01 were due entirely to incoming
Sober-infected messages.

Most of the infected messages so far this year were Sober, dying off in the
first few days of January. After January 5, I have only counted 2308
infected messages so far. This volume is still well within the normal range
for the past year.

If you are seeing a big decrease other than that explained by Sober
finishing up its "work", maybe somebody upstream is helping with some
filtering. Or maybe educating your users paid off in decreased home computer
infections sending junk to work. Or maybe you're just lucky.

Current thread:

Decrease in Threats? Rohny Jotton (Jan 25)
- Re: Decrease in Threats? Aubs (Jan 25)
  - Re: Decrease in Threats? Andrew Simmons (Jan 26)
- Re: Decrease in Threats? ACMurray (Jan 25)
- RE: Decrease in Threats? James C Slora Jr (Jan 25)
- Re: Decrease in Threats? Bill Borton (Jan 27)
  - Re: Decrease in Threats? Bojan Zdrnja (Jan 29)
    - Re: Decrease in Threats? Will Aoki (Jan 30)
    - Re: Decrease in Threats? Gene Rackow (Jan 30)
  - RE: Decrease in Threats? Tom Milliner (Jan 29)
    - Re: Decrease in Threats? Kurt Seifried (Jan 30)