Commtouch releases Q2 2008 trend report

by Steve Ragan - Jul 9 2008, 21:59

Commtouch published its Q2 2008 report this week, and with it the results of three months of bad news. According to the report, the bots are winning. The Commtouch report looks at the day-to-day trends in e-mail, and follows the activities of botnets, or zombified computers that act without their owner’s control.

There are ten million computers, each one a part of a botnet, active on any given day around the world. These computers, which are tracked by IP address, are residents in some of the worlds biggest ISPs, including Telecom Italia, Brasil Telecom, and Verizon.

According to Commtouch, ISPs have been hit hard the past few quarters as spammers target port 25 directly, or hijack customer computers and create child e-mail accounts to do their spamming. Because the child accounts are valid, they will get past most internal e-mail defenses. Moreover, most IP addresses seen that are used by botnets are dynamic instead of static, the normal blacklist and IP blocking leads to misclassification and mistakes.

"Zombie networks or 'botnets' have become so enormous and agile, they are flooding email with increasingly malicious threats," said Amir Lev, Commtouch's CTO and President. "Many technologies attempt to identify and block email from senders known for sending malicious content, but they are not updated rapidly enough to keep up. By the time these lists are updated the threat has shifted to another set of zombies, leaving customers unprotected. On the one hand, ISPs have an obligation to protect their customers from unwanted email; however, they also have a responsibility to ensure that their customers are not a source of unwanted email by being part of these botnets."

Phishing also took a twist in Q2, according to the report, which outlined that: “Throughout the first half of 2008, University students and faculty members were taught a hard lesson in online security as waves of phishing scams were targeted at this vulnerable population. Messages were text-based, seeming to come from the IT department.”

And, if that wasn’t bad enough, “Google adwords served as the cover for a glut of phishing scams during April. The Subject lines were socially engineered to look like legitimate administrative messages Google Adwords account owners would reasonably expect to receive. If the recipient was enticed by the Subject, the body of the email contained links that appear to be legitimate Google links (e.g. www.adwords.google.com...). When clicked, the link redirected to a phishing site hosted on a Chinese .cn domain.”

So where do all these bots live? Turkey was the number-one home for most botnet IP addresses, while the U.S. resided close to ninth place.

Spam related to pills and other goodies is still a firm favorite, followed by stock related messages. “Pharma spam,” as it is called, comprised forty percent of all spam sent in the second quarter of 2008. The Storm Worm still lives on strong and has not stopped using news headlines to draw attention to the e-mail.

More details, including the full Q2 2008 report, can be viewed HERE.

Around the Web