Malicious Spam Jumps to 3 Billion Messages Per Day

Last year was an interesting year in the security industry in a number of ways, but perhaps none more so than the monstrous increase in the volume of malicious spam. In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research.

Last year was an interesting year in the security industry in a number of ways, but perhaps none more so than the monstrous increase in the volume of malicious spam. In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research.

For some time now, spam has been accounting for upwards of 90 percent of all email messages. But the volume of spam had been relatively steady in the last couple of years. Now, with the emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam, researchers at M86 Security found. The company’s report on spam and malware trends from the second half of 2009 was released Tuesday.

In fact, the company found that 78 percent of all spam was sent by computers that were part of one of the five largest botnets.

“The major spam botnets such as Rustock and Pushdo (or Cutwail) continue to dominate spam output, supported by second-tier botnets such as Mega-D, Grum, and Lethic, and Donbot. The spamming botnets are constantly in flux, waxing and waning, morphing, becoming obsolete, being replaced, taken down, and upgraded. It is important to identify the major contributors to the volume of spam, so the industry can take action against them, such as the botnet takedowns that have already occurred. Consider the impact on Spam levels if the top 2 or 3 botnets were disabled,” the company said in the report.

Malicious spam–messages that carry some sort of malware or a pointer to a malicious site–was a huge problem in the last six months of 2009. The major botnets were the main culprits, using the millions of compromised machines as spam-spewing zombies. Much of this spam involved scams tied to financial fraud, specifically credit-card theft or attacks that involved loading a password-stealing Trojan onto the victim’s machine.


“Over the past year, malware became more voluminous, sophisticated and complex. One piece of malware we encountered illustrates this complexity. A prevalent distribution vector for spambots and other attacks was a piece of malware called Virut, which is a file infecting virus that can download and install almost any type of malware on to an infected computer7. The Virut malware infects files with .exe and .scr file extensions. A user may encounter Virut by visiting malicious websites that contain exploits that download Virut as a payload,” the report says.

Suggested articles


  • Anonymous on

    I don't get it.  Who even sees spam anymore?  Any reasonable mail provider filters this all away.  For those who do actually get spam, doesn't it ultimately become a victim of its own "success".  If there are that many spam messages how does the message not get overwhelmed by all the other spam messages?

  • Anonymous on

    Ummm this matters to the ISPs that keep the spam away from you.

    And it matters because you are paying for them to keep the spam away from you.

    (be it with cash or addware etc)

    Also it's always a catch-up game with anti-spam software, so there is quite a few spam messages that break through, especially when a new variety surfaces, and then you get the very intelligent users that keep on responding to these e-mails and phising attempts and get rich attempts and and and...

    I've even seen spam come through gmail and major ISP filters from time to time, especially well crafted phising scams.

  • Dietrich on

    Nothing that OpenPGP can't take care of. Everyone wants maximum protection of their on-line data which can be stored in a fully-encrypted manner. That would satisfy a whole bunch of cloud issues, including the Fourth Amendment as it applies to the Cloud, which is really not framed out. The larger issue I see is that ALL EMAIL flows over the Internet in 'Clear Text' (readable) form. We take the precaution as a matter of privacy to be sure to enclose our paper mail in an envelope do we not? Why shouldn't the same convention and assumption of a right to Privacy apply to mail sent on the Internet? Not just its 'storage'. That's where OpenPGP comes in. But you can't make it happen unless there is a Federal mandate in place and a Global set of Treaties could unify the supposed: 'Email Postal Encryption Act'. Making a Mandate should be accompanied by Government Funding to facilitate defraying the cost of bringing Email software applications into compliance over a period of time to the extent that such applications would incorporate PGP and self-signed certificates for encrypted email and make the process of sending a PGP email from an application usability standpoint sufficiently easy for any person to use with a minimum computer literacy level being assumed. So, why do we get upset about information stored on the Internet when we send clear text emails around the world each and every day?

  • Anonymous on

    Mail encryption:

    Same kind of reason why they tried to get smtp2 running and failed.

    No one is "forced" to use the same implementation, no one is "forced" to use it at all.

    Plus you try to teach a 70 year old granny with a windows 3.1 machine what openPGP is...

    Good in theory, insane to implement (sadly)


  • Robert L. Baber on

    "Any reasonable mail provider" or email program filters most, but not all, spam out. Unfortunately, those filters also filter some legitimate and desired email out. The latter type of error has caused me serious trouble on several occasions. Spam filters should not be relied on completely.


  • Anonymous on

    Step back and take a breath. Don't you see how screwed up we have allowed to let Government become. It should not be the Governments job to pay for the spam problem. The government does not need to be in the private business.

  • Anonymous on

    I have to say, Gmail's spam filter is quite good, and even the very few that get through, once I mark them as spam, I never see them again.  I leave my spam folder alone, and the emails are deleted as soon as they are 30 days old, so I have a running monthly total of spam.  About a year ago, a spam king was taken down.  How do I know this?  Because one year ago, my spam folder dropped from 2000 a month to 1000.  Over the last year, it fell to 800.  Now, however, it's back up to 1000 again.  It started going up about the first week of January.  (I am very careful not to give my e-mail address to anyone who could spam, but sadly I had three other folks with my name give out my e-mail address as theirs, and the floodgates opened.)

  • ChrisM on

    The short answer is while it may be true that we, at the end of the supply chain may not see this spam, it's ultimate success is that it has slowed down all the legit traffic out there that you and I are trying to communicate with our friends and families! There is where the damage is being done. I am frankly amazed that fantastic services like Skype and similar video transmissions are even able to do as well as they are with all this spam traffic tying up the net!

  • Anonymous on

    i am now bombarded with malwarw called security tool it trys to force you to buy there service with your personal information and creditcard

  • Anonymous on

    Hey, hey, don't dump on us 70 year olds. I use XP and my mom is 94 using Win 7. Age doesn't equal ingorance as many young people believe. Seniors have been around long enough to recognize the risks posed by young people and take appropriate action to protect themselves against those risks. 

  • guru schmukuru on

    What's wrong with junk mail?  Nothing!  They are very amusing, entertaining and sadly enough, some of them have no reply addresses.   Those that do, they get bombarded with MY COUNTEROFFER PROPOSAL and I usually get no reply afterwards from the same spammer address.  Too bad!!  (For example, if they ask for $60, I ask them for $30 FIRST.  If they ask for my name & address, I ask them for theirs FIRST.  Sometimes, I tell them to circumcise their own putrid parts.)

  • Anonymous on



  • Dave on

    Are you an idiot? What environment do you work in that you think an ISP is going to keep all spam out? If your talking internet mail then fine but private email is completely open. Wake up ! Spam continues to be a huge problem !

  • Anonymous on

    At 71 I'm no retard.  I stopped letting my email service ISP block my spam years ago, as it also blocked my sister, etc.  Meanwhile, Norton and Thunderbird both have local spam filtering I find helpful, for the most part.  But I don't delete the spam right away!

    I send every spam email I get to the Federal Trade Commission at SPAM@UCE.GOV, complete with the message source information (in Thunderbird, Ctrl-U, click in window, Ctrl-A, Ctrl-C and then Ctrl-V in the forwarded message window.)  Just a few mouse clicks and it's on its way in five seconds.  This is the only way to eliminate the spam, by eliminating the spammers.  Don't delete, fight back!

  • Emma Sullivan on

    Why aren't the companies whose products are for sale in the spam messages prosecuted?  I get about 30 messages a day selling drugs.  Why am I even getting these messages?  Do they really think I'm going to buy a drug that makes the penis I don't have BIGGER?

    Equally at fault are e-mail hosts, and the most despicable is HOT MAIL.  Spam messages all have sender addresses like . . .!!!!!  HOT MAIL shouldn't allow such e-mail account names to be created.  And, don't be fooled by HOT MAIL's BS about trying to help eliminate spam, by providing . . . because anything you forward there immediately is returned as UNDELIVERABLE.  HOT MAIL IS FULL OF CRAP, they know exactly what's going on and could care less.


  • Anonymous on

    I use a product called Firetrust Mailwasher because I have multiple addys and it allows me to view all email from all accounts prior to it being downloaded to my server!  This has saved me from many infections cause I can deal with the email while it is still on the server and not my machine.  You can mark for deletion, blacklist, and even bounce - doing all email at the same time, plus it has many other features that help deal with spam and unwanted email!  Then with the one click you download just the email you want!  It is wonderful software and very reasonably priced!

  • Cole Mayes on

    Oh man! I've been HAMMERED by virtually non-stop requests to add spammers to my Windows Live Messenger contacts. It appears no way to stop these undesired requests except to not use WLM, which isn't feasable.

    Additionally, have any of you seen or heard of the kido.h, or kido.i worm entering through a file called bpjgoy.i in the system32 folder? I have searched the web looking for this bpjgoy.i and nothing is found. Plenty on kido.h trojan, but not how it is entering through this file.

    Any information would be HIGHLY appreciated. :-)


Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.