In its bi-annual TRACElabs report, Web and e-mail security vendor Marshal8e6 reports that five botnets are responsible for 75 percent of the world’s Spam problem. Of those junk e-mails, the Rustock botnet alone sends 40 percent.
Botnets send seventy-five percent of all spam, report says. (IMG: J. Anderson)
Related to the Spam numbers, the TRACElabs report said that, despite McColo’s takedown and the loss of 3FN, Spam volumes jumped 60 percent in the first half of 2009.
When 3FN and McColo were taken down, Spam took a huge hit and, for a while, levels simply plummeted. However, after a few months, that drop turned into a steady climb that has only increased since the fourth quarter of 2008.
According to the TRACElabs report, the 60 percent increase is due, in part, to the Rustock botnet, which sends 40 percent of Spam, and the Cutwail botnet, which sends the second largest volume with 11 percent. Mega-D, Grum, and Xarvester make up the remaining botnets. Donbot also gets a mention in the report, but it sends nowhere near the levels of Spam the other bots account for.
Rustock is a sophisticated and prolific spamming machine, the TRACElabs report outlined, with individual Rustock bots among the fastest at sending Spam.
“...we clocked one individual bot at 25,000 messages per hour from a standard desktop PC,” the report explained.
Rustock uses a rootkit to hide itself on the infected system and changes its Spam templates often. It typically uses HTML templates from legitimate newsletters, inserting its own images and URL links.
“This helps give Rustock Spam the appearance of legitimate email and an air of authenticity, which helps it fool some Spam filters and, more importantly, makes the messages harder to recognize as Spam for users. It focuses almost exclusively on male enlargement treatments and other pharmaceutical drugs,” said Bradley Anstis, director of technology strategy at Marshal8e6.
“While legal entities and the security community have made strides in combating hosting servers that support malicious botnets, we've seen a number of new tactics from the Spammers themselves taking hold in the first half of 2009.”
Canadian Pharmaceutical Spam, which is mostly ads for pills and other medical advancements, accounted for almost 50 percent of those Spam samples seen by TRACElabs.
According to the report, it is being actively pitched by at least eight botnets. The odds of the Spam making it through various Spam filters and countermeasures are better than average too. Images are a popular trick for Spammers and those types of Spam messages spike to 10 percent of all junk traffic hitting inboxes.
On the Web side of things, the TRACElabs report said that blended threats were continuing to pose problems online, as malicious e-mails with links to risky sites were still arriving at a steady pace. It also reported a trend of criminals using older vulnerabilities to exploit their victims.
The report also mentioned massive online attacks, calling them a continuing problem. “Around 70% of the Websites hosting malicious code today are legitimate Websites that have been hacked, as opposed to specific sites that have been set up by the criminals,” the report said.
“Web browsers are categorically one of the most dangerous applications on a user's computer,” Anstis added. “All it takes is a simple click on a link in a fake email or Facebook message to have your credentials stolen and your network compromised. It's essential that users know what to look out for as they browse the Web and that their networks are protected by security technologies at the Web gateway that monitor for suspicious content.”
The full report can be found online here.