MessageLabs report warns of RAR dividend

Symantec has published the March 2010 edition of its monthly MessageLabs Intelligence Report, which finds that while the most common file types attached to all malicious emails were .XLS and .DOC, the most dangerous file type identified was encrypted .RAR files, the proprietary compressed archive format.

.XLS and .DOC file types each accounted for 15.4 percent of file attachments to email in March, and the top four most common file types (.XLS, .DOC, .ZIP and .PDF) accounted for 50 percent of files attached to emails.

Encrypted .RAR files accounted for approximately 1 in 312 (0.32 percent) malicious files attached to emails in March. Although the file type is relatively uncommon, it is compromised 96.8 percent of the time when attached to an email.

The .EXE file type is the most likely to arouse suspicion of being compromised when attached to an email. However, in March executable file types accounted for 6.7 percent of files attached to email and were found to be compromised 15 percent of the time.

Although there are a great number of malicious emails that use the most common file extensions, .XLS, .DOC, .ZIP and .PDF, as attachments, they are more often included as attachments to emails that are safe.

MessageLabs Intelligence observed that the Rustock botnet had been sending considerably more spam using TLS (Transport Layer Security). Approximately 77 percent of spam sent from the Rustock botnet used secure TLS connections during March.

The average additional inbound and outbound traffic due to TLS requires an overhead of around one kilobyte. Spam emails are often much smaller than one kilobyte in size. Spam using TLS accounted for approximately 20 percent of all spam in March, peaking at 35 percent on March 10.

In March 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 90.7 percent (1 in 1.10 emails), an increase of 1.5 percentage points since February. 

The most spammed industry sector with a spam rate of 94.7 percent was the Engineering sector, while the Public Sector remained the most targeted industry for malware with 1 in 77.1 emails being blocked as malicious.