Rustock take-down does not affect spam levels

Average amount of spam increases 1.4 percentage points for Q1 2011

The take-down of the Rustock botnet has not reduced the amount of spam globally, according to Kaspersky. In fact, spam has risen for Q1 2011.

Quantities of spam dropped 2-3 percentage points before bouncing back up to previous levels after the closure of the Rustock botnet command centres on 16th March 2011, according to Kaspersky Lab.

The closure of Rustock did not have nearly as much impact on global spam levels as the Pushdo/Cutwail and Bredolab closures in 2010.

"This could be due to the closure of SpamIt, a large pharmaceutical partner programme, and the fact that Rustock, which specialised in pharmaceutical spam, may well have ceased sending out mass mailings at the end of last year. It could be that the botnet was just used for different purposes. It is also possible that the cybercriminals themselves preferred to lie low for a while given the interest in botnets shown by law enforcement agencies in the latter stages of 2010," explains Darya Gudkova, head of Content Analysis & Research at Kaspersky Lab. 

The amount of spam detected in mail traffic in Q1 2011 averaged 78.6%, an increase of 1.4 percentage points as compared with Q4 2010. However, this figure is still 6.5 percentage points higher than Q1 2010.

In Q1 2011, the share of spam from Asia and Latin America worldwide grew 2.93 and 3.85 percentage points respectively, while spam from both eastern and western Europe fell 5.64 and 2.36 percentage points respectively.

Africa joined the list as one of the most active spam sending continents, with the volume of spam messages equaling 3.66% of all spam sent globally, exceeding the amount of spam sent from both Canada and the USA. Kaspersky earlier predicted that spammers would begin shifting their operations to regions which have little or no anti-spam legislation.

Kaspersky revealed that it expects spam to be developed in countries with better protected regions, so they will be spread evenly across the globe.

In Q1 of 2011, spammers did not vary their methods of trapping victims much. One of the more popular tactics, according to Kaspersky, was to send out links to a video clip advertising spammer services. Another trick saw emails that read "Stop sending me spam", allegedly written by an angry recipient of spam. The email was in fact itself spam with a link leading to a spammer's site.

Spammers also took advantage of the disasters in Japan to send out spam capitalising on these events and getting victims to part with their cash for fake charities and fraudulent relief efforts.

Trojan-Spy.HTML.Fraud.gen maintained its leading position in the Top 10 rating of malicious programmes distributed via mail traffic in the first quarter of 2011.

This Trojan appears in the form of an HTML page and comes with a phishing email containing a link to a fake site resembling that of a well-known bank or e-pay system, where the user is asked to enter a login and a password that will be used by fraudsters to access confidential data. The other top entry in the Top 10 most malicious programmes was a mail worm family that harvests email addresses and spreads itself via mail traffic.

eBay and PayPal remain the sites most frequently targeted by phishers, but Q1 2011 saw a very small volume of phishing emails, which accounted for 0.03% of all mail traffic.

"Notably, in the first quarter of 2011 Google services such as Google AdWords and Google Checkout were attacked much less often. The phishers switched their attentions to the highly popular Brazilian social network Orkut which is owned by Google. The attacks on this social network reached 1.96% of the total, putting it in 12th place in the list of organisations most often targeted by phishers," said Maria Namestnikova, senior Spam Analyst at Kaspersky Lab. "It is worth mentioning that user accounts belonging to Google's services, including Orkut, are interconnected. Thus, having acquired credentials for one of these accounts, a cybercriminal can access any Google service registered to the same user."