Spam Report – October 2009

A sharp increase in spam containing malware has been observed by security specialists

Tags: Cyber crimeMalwareMessageLabs IncorporatedSymantec CorporationUnited Arab Emirates
  • E-Mail
Spam Report – October 2009 There's been a nine fold increase in spam containing malware this month.
By  Vineetha Menon Published  October 7, 2009

The United Arab Emirates presently registers a spam rate of 91%, a sharp increase from last month's average of about 85%.

The figure is high compared to the global spam rate that's set at about 86% according MessageLabs research.

Symantec's latest State of Spam report has observed an alarming trend - a nine fold increase in spam containing malware was observed this month, compared to the previous month.  That's a lot of malware! The spam types that experienced the greatest change during the past month were Internet spam which now averages at 32% of all spam and financial spam that now accounts for 17% of all spam.

The United States is still the top spam origin region while botnets have now been identified as being responsible for sending 87.9% of all spam. They show no signs of abating. A newer botnet, Maazben, has experienced rapid growth since its infancy in late May (mainly sending out casino-related spam) while Rustock, one of the oldest and largest botnets, has doubled in size since June and established a predictable spamming pattern.

Rustock is the largest in terms of number of bots - at 1.3 to 1.9 million bots - but has kept its output per bot relatively low.

"Over the past year, we have seen a number of ISP's taken offline for hosting botnet activity resulting in a case of sink or swim and an ensuing shift in botnet power," said Paul Wood, MessageLabs Intelligence senior analyst at Symantec. "This has undermined the power of the more dominant botnets like Cutwail and cleared the way for new botnets like Maazben to emerge. However, this won't always be the case as botnet technology has also evolved since the end of 2008 and the most recent ISP closures now have less of an impact on resulting activity as downtime now only lasts a few hours rather than weeks or months as before."

The report also found that 80% of domains being blocked as malicious for serving up malware are in fact compromised, legitimate websites.

"It is of greater benefit to an attacker to compromise a legitimate website as opposed to setting up a newer, specialized domain to serve up malware," Wood said. "Fundamentally, using legitimate websites to spread malware reduces the labor for the cybercriminals and extends the lifetime of the malware." MessageLabs identified an average of 2,337 new websites per day that harbor malware and other potentially unwanted programs such as spyware and adware.

The global ratio of viruses in email traffic from new and previously unknown bad sources was one in 399 emails, a decrease of 0.09% since August. The UAE is also showing a decrease in its virus rate - 1 in 352 emails this month compared to 1 in 229 last month.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code