Posts tagged ‘Risk Level’

High Risk Level Alert

In the last week, we have observed a high number of new URLs pointing to malware files and phishing websites. This is the first time this year that the Risk Level for both types of URLs has been 5 (Very High) for 4 consecutive days.

Fig. 1: There is increased activity in the phishing and malware scenes.


This is most probably related to the fact that a lot of accounts from Yahoo, Google, Hotmail and AOL have been “phished” and are now being used in malicious activities.

The amount of spam received in our spam traps is also very high. In the first 8 days of October we received 36% of the spam we received during the whole of September. If this trend continues, we will see a 44% increase in the spam received compared to September.

If you suspect that your email account hosted at one of the above providers may have been compromised, please change your password as soon as possible.

Sorin Mustaca
Manager International Software Development

Avira Risk Level

The Risk Level describes the current phishing and malware threats that we receive in real time from our sources on the Internet. These threats are valid and can be accessed by any Internet user.

The levels are computed by comparing the number of threats (malware and phishing separately) received in the last 24 hours (called the 24h threat value) to the average value from the last 30 days (called the average threat value). The levels are recomputed every 15 minutes.

This is what the graph with the values per day for the last 30 days looks like:

Fig. 1: Statistics per day, last 30 days


The graph with the values per hour for the last 24h:

Fig. 2: Statistics per hour, last 24h


Level 1 – Normal (Green)

Risk: Low – there is much less activity than the average we have seen in the last 30 days. This condition corresponds to no discernible malicious activity for the type of threat for which the risk level is issued. The Avira products should function and should be updated using the default settings.

Level 2 – Average (Yellow-Green)

Risk: Low to Moderate – there is relatively less activity than the average we have seen in the last 30 days. This condition corresponds to some malicious activity for the type of threat for which the risk level is issued. The Avira products should function and should be updated using the default settings. This risk level is usually “the calm before the storm”, so we advise our customers to keep an eye on our website for information and updates.

Level 3 – Suspicious (Yellow)

Risk: Moderate – there is the same activity as the average we have seen in the last 30 days. This condition corresponds to clear signs of malicious activity for the type of threat for which the risk level is issued. The Avira products should function with heuristics and generic settings enabled because it might be possible that there is a new variant of a known malware. This risk level means that some unknown malware might be starting to spread, so we advise our customers to keep an eye on our website for information and updates. Please keep the logfiles of the security products under careful observation.

Level 4 – Alert (Orange)

Risk: High – there is more activity than the average we have seen in the last 30 days. This condition corresponds to known malicious activity for the type of threat for which the risk level is issued. The Avira products must be updated more often than the default. Do not forget to update both the signatures and the engine. This risk level means that known malware is spreading, and we strongly advise keeping the logfiles of the security products under careful observation.

Level 5 – Outbreak (Red)

Risk: Very High – there is much more activity than the average we have seen in the last 30 days. This condition corresponds to known malicious activity for the type of threat for which the risk level is issued. The Avira products must be updated more often than the default. Do not forget to update the signatures, the engine and the products. This risk level means that known malware is currently active, creating a severe risk to the infrastructure and normal operations. We strongly advise keeping the logfiles of the security products under careful observation.

Sorin Mustaca
Manager International Software Development
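
The computation described under “Avira Risk Level” above, as an added example (not Avira's code): it compares the 24h threat value with the average threat value over the last 30 days and maps the ratio to the five levels. The ratio bands, the function names and the sample feeds are assumptions constructed for illustration; the page does not publish numeric thresholds.

```python
from datetime import datetime, timedelta

DAY = timedelta(hours=24)

# Assumed ratio bands (24h threat value / average threat value). The page
# names the five levels but gives no numeric thresholds.
BANDS = [(0.5, 1, "Normal"), (0.9, 2, "Average"), (1.1, 3, "Suspicious"),
         (1.5, 4, "Alert"), (float("inf"), 5, "Outbreak")]


def risk_level(events, now, window_days=30):
    """events: datetimes, one per threat URL received for ONE threat type
    (malware and phishing are rated separately). Meant to be re-run every
    15 minutes with a new `now`. Returns (level, name, ratio)."""
    recent = [t for t in events if now - window_days * DAY < t <= now]
    value_24h = sum(1 for t in recent if t > now - DAY)
    # Average threat value: mean number of threats per 24h over the window.
    average = len(recent) / window_days
    if average == 0:
        return (1, "Normal", 0.0)  # empty feed: nothing to compare against
    ratio = value_24h / average
    for upper, level, name in BANDS:
        if ratio < upper:
            return (level, name, ratio)


def make_feed(now, per_day):
    """Constructed sample data: per_day lists daily counts, oldest first;
    events are spread evenly across each 24h slot ending at `now`."""
    return [now - d * DAY - DAY * i / n
            for d, n in enumerate(reversed(per_day)) for i in range(n)]


NOW = datetime(2009, 10, 9, 12, 0)            # constructed timestamp
MALWARE = make_feed(NOW, [100] * 29 + [400])   # sudden spike in the last 24h
PHISHING = make_feed(NOW, [50] * 30)           # steady feed
QUIET = make_feed(NOW, [100] * 29 + [20])      # far below the average

if __name__ == "__main__":
    for label, feed in (("malware", MALWARE), ("phishing", PHISHING),
                        ("quiet", QUIET)):
        level, name, ratio = risk_level(feed, NOW)
        print(f"{label:9s} level {level} ({name}), ratio {ratio:.2f}")
```

Because the average includes the last 24 hours, a sustained outbreak gradually raises its own baseline, so the level drifts back toward 3 even if the absolute volume stays high.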