Symantec Global Internet Security Threat Report
Credit card information—includes credit card number and expiry date. It may also contain the cardholder name, Credit Verification Value 2 (CVV2) number, PIN, billing address, phone number, and company name (for a corporate card). CVV2 is a three or four-digit number on the credit card and is used for card-not-present transactions such as Internet or phone purchases. It was created to add an extra layer of security for credit cards and to verify that the person completing the transaction was, in fact, in possession of the card.
Email accounts—includes user ID, email address, and password. In addition, the account may contain personal information such as addresses, other account information, and email addresses in the contact list.
Email addresses—consists of lists of email addresses used for spam or phishing activities. The email addresses can be harvested from hacking databases, public sites on the Internet, or from stolen email accounts. The sizes of lists sold can range from 1 MB to 150 MB.
Full identities—may consist of name, address, date of birth, phone number, and government-issued number. It may also include extras such as driver’s license number, mother’s maiden name, email address, or “secret” questions/answers for password recovery.
Mailers—an application that is used to send out mass emails (spam) for phishing attacks. Examples of this are worms and viruses.
Proxies—proxy services provide access to a software agent, often a firewall mechanism, which performs a function or operation on behalf of another application or system while hiding the details involved, allowing attackers to obscure their path and make tracing back to the source difficult or impossible. This can involve sending email from the proxy, or connecting to the proxy and then out to an underground IRC server to sell credit cards or other stolen goods.
Shell scripts—used to perform operations such as file manipulation and program execution. They can also be used as a command line interface for various operating systems.
Countries of spam origin
The data for this section is determined by calculating the frequency of originating server IP addresses in email messages that trigger antispam filters in the field. The IP addresses are mapped to their host country of origin and the data is summarized by country based on monthly totals. The percentage of spam per country is calculated from the total spam detected in the field.
It should be noted that the location of the computer from which spam is detected as being sent is not necessarily the location of the spammer. Spammers can build networks of compromised computers globally and thereby use computers that are geographically separate from their location.
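The calculation described in this section can be sketched as follows. This is an added example, not code from the report or from Symantec: the prefix-to-country table, the month labels, and the flagged-message records are constructed, and counting unmappable addresses as "Unknown" within the total is an assumption.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed prefix-to-country table (documentation address ranges,
# not real geolocation data).
PREFIX_COUNTRY = [
    (ipaddress.ip_network("192.0.2.0/24"), "Country A"),
    (ipaddress.ip_network("198.51.100.0/24"), "Country B"),
    (ipaddress.ip_network("203.0.113.0/24"), "Country C"),
]

# Constructed records: (month, originating server IP) for each message
# that triggered an antispam filter.
FLAGGED = [
    ("2010-01", "192.0.2.10"),
    ("2010-01", "192.0.2.77"),
    ("2010-01", "198.51.100.5"),
    ("2010-01", "203.0.113.9"),
    ("2010-02", "198.51.100.5"),
    ("2010-02", "198.51.100.6"),
    ("2010-02", "10.1.2.3"),    # private address: no host country
    ("2010-02", "not-an-ip"),   # malformed value taken from a header
]

def country_of(ip_text):
    """Map the sending server's IP to a country. This locates the server,
    which may be a compromised machine, not the spammer."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "Unknown"
    for net, country in PREFIX_COUNTRY:
        if ip in net:
            return country
    return "Unknown"

def monthly_totals(records):
    """Summarize flagged messages by country for each month."""
    totals = defaultdict(Counter)
    for month, ip_text in records:
        totals[month][country_of(ip_text)] += 1
    return totals

def spam_share(records):
    """Percentage of all detected spam attributed to each country."""
    overall = Counter()
    for counts in monthly_totals(records).values():
        overall.update(counts)
    total = sum(overall.values())
    return {c: round(100.0 * n / total, 1) for c, n in overall.items()}
```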
Spam delivered by botnets
The data for this section is determined by an analysis of emails that trigger antispam filters and the proportion that is detected as originating from a known botnet. The identity and location of spam-sending botnets are tracked by the Symantec MessageLabs Intelligence knowledge base, based on the profile of the spam and its headers as it is being transmitted. Each botnet exhibits a unique profile and the information is tracked accordingly, including its location.