Last year was an interesting year in the security industry in a number of ways, but perhaps none more so than the monstrous increase in the volume of malicious spam. In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research.
For some time now, spam has been accounting for upwards of 90 percent of all email messages. But the volume of spam had been relatively steady in the last couple of years. Now, the emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam, researchers at M86 Security found. The company’s report on spam and malware trends from the second half of 2009 was released Tuesday.
In fact, the company found that 78 percent of all spam was sent by computers that were part of one of the five largest botnets.
“The major spam botnets such as Rustock and Pushdo (or Cutwail) continue to dominate spam output, supported by second-tier botnets such as Mega-D, Grum, and Lethic, and Donbot. The spamming botnets are constantly in flux, waxing and waning, morphing, becoming obsolete, being replaced, taken down, and upgraded. It is important to identify the major contributors to the volume of spam, so the industry can take action against them, such as the botnet takedowns that have already occurred. Consider the impact on Spam levels if the top 2 or 3 botnets were disabled,” the company said in the report.
Malicious spam–messages that carry some sort of malware or a pointer to a malicious site–was a huge problem in the last six months of 2009. The major botnets were the main culprits, using the millions of compromised machines as spam-spewing zombies. Much of this spam involved scams tied to financial fraud, specifically credit-card theft or attacks that involved loading a password-stealing Trojan onto the victim’s machine.
“Over the past year, malware became more voluminous, sophisticated and complex. One piece of malware we encountered illustrates this complexity. A prevalent distribution vector for spambots and other attacks was a piece of malware called Virut, which is a file-infecting virus that can download and install almost any type of malware onto an infected computer. The Virut malware infects files with .exe and .scr file extensions. A user may encounter Virut by visiting malicious websites that contain exploits that download Virut as a payload,” the report says.