Spammers ‘Gearing Up’ Botnets for Holiday Rush

Spammers are pushing out e-mail-borne malware at unprecedented rates in an apparent attempt to build up botnets in advance of the busy holiday shopping season, according to a report by Google.

Writing on the company’s enterprise blog, Adrian Soghoian and Adam Hollman of the Google Postini Services Team surveyed data from the third quarter of 2010 and found that virus volume in spam e-mail increased 10% from the same quarter in 2009, even though spam volume decreased by 24% during the same period.

High-profile botnet crackdowns, such as the elimination of the Pushdo botnet in August, likely contributed to the overall decline in spam volume. But new botnets have sprung up to take their place. And, if the volume of spam was lower, it was also dirtier than in 2009. Virus levels increased 111% between August 2009 and August 2010, with 188 million viruses blocked in a single day – a record, according to the blog post.

That may indicate a push to build out bot networks in advance of the holiday season, when many users go online to purchase gifts, and spammers are more likely to find success pushing their own wares, the Google researchers hypothesized. 

Other trends worth noting: 

E-mail viruses are taking advantage of previously sent e-mails harvested from the hard drives of infected computers to fool spam filters. The recycled e-mails, outfitted with malicious links or attachments, have a better chance at slipping by filters and getting opened because they use wording and content that’s natural and familiar to the recipient. 

URL shortening services such as bit.ly and tinyurl.com, which have blossomed with the advent of Twitter, are increasingly being used by spammers to mask malicious links. 

Spam masquerading as financial transaction messages and e-mail non-delivery report/receipt (NDR) notifications is an increasingly popular lure for spammers, who lard the messages with malicious links or obfuscated JavaScript attacks that download malicious wares.

Celebrity gossip – including false alerts about the untimely deaths of high-profile celebrities – is a common lure to get e-mail recipients to open malicious e-mail attachments.

Read more on Google’s Enterprise blog
