At its peak, spam related to the New Year accounted for 7.7 percent of all spam on a single day, and more than 50 percent of New Year-related spam was sent by the Grum and Cutwail botnets combined. Spammers are now moving away from New Year themes and are expected to latch onto Valentine’s Day-related topics next. Spammers and phishers have also been quick to take advantage of the tragedy that struck Haiti to generate advance-fee fraud scams. As many countries seek to offer humanitarian aid and relief, the scammers are looking for ways to exploit those donation efforts, counting on the public’s concern and desire to help to cloud their good judgment.
With 83.4 percent of spam originating from botnets at the end of 2009, MessageLabs Intelligence calculated that the remainder of spam, 0.9 percent (the equivalent of 900 million spam emails), originated from free webmail accounts. More than 79 percent of webmail spam came from three well-known free webmail service providers.
"Despite the best efforts of the webmail providers to prevent this abuse of their services, there is still a viable market in the underground economy for buying and selling legitimate and usable webmail accounts," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services.
In December 2009, MessageLabs began tracking a new botnet called Lethic, which quickly accounted for 2.5 percent of all spam. Within the first week of January, spam from Lethic increased to less than four percent of all spam and then peaked at 5.25 percent of all spam on 8 January before dropping off to nothing.
"Lethic seems to have disappeared almost as quickly as it arrived," Wood said. "The spam it had been sending was roughly an even mix of pharmaceutical and replica watch spam. Interestingly, the Bagle botnet was sending the exact same spam with the same hyperlinks as Lethic and over the same time period leading us to believe that Lethic possibly came from the same creators as Bagle or the people behind the spam may have hired the resources of more than one botnet gang to increase output."
Finally, MessageLabs Intelligence took a look at how the advertised price per 100 mg of the medication used to treat male impotence and commonly exploited in spam messages has changed over the past year and how the spammers may have been affected by last year’s financial crisis. MessageLabs Intelligence found that the spammers’ price peaked for the medication at $6 per 100 mg in early 2009 and then rapidly declined during June and July 2009 to between $2 and $3. The price stabilized at $1.60 at the end of 2009 and remained there through the beginning of 2010.
"While it’s almost impossible to say this trend in pricing is a true reflection of the state of spam economy, MessageLabs Intelligence will continue to analyze this data to learn whether the prices return to their former high levels as the global economy continues on its recovery," Wood said.
Other report highlights:
Spam: In January 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 83.9 percent (1 in 1.2 emails), a decrease of 0.3 percent since December 2009.
Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 326.9 emails (0.31 percent) in January, a decrease of 0.03 percent since December 2009. In January 13.2 percent of email-borne malware contained links to malicious websites, a decrease of 5.9 percent since December.
Phishing: In January, phishing activity was 1 in 562.3 emails (0.18 percent), a decrease of 0.11 percent since December 2009. When judged as a proportion of all email-borne threats such as viruses and Trojans, the proportion of phishing emails had decreased by 14.3 percent to 65.3 percent of all email-borne threats.
Web security: Analysis of web security activity shows that 41.4 percent of all web-based malware intercepted was new in January, an increase of 0.6 percent since December. MessageLabs Intelligence also identified an average of 1,760 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 56.2 percent since December.
- Spam levels in Denmark fell by 0.6 percent in January, but Denmark remained the most spammed country with levels of 94.8 percent of all email.
- In the US, spam decreased to 91.6 percent and to 89.7 percent in Canada. Spam levels fell to 90.0 percent in the UK.
- In the Netherlands, spam levels reached 92.4 percent, while spam levels in Australia reached 90.6 percent.
- Spam levels in Hong Kong reached 92.1 percent and spam levels in Japan were at 88.2 percent.
- Virus activity in China rose by 0.13 percent to 1 in 121.4 emails, placing it at the top of the table for January.
- Virus levels for the US were 1 in 440.3 and 1 in 383.1 for Canada. In Germany, virus levels were 1 in 271.6, 1 in 496.4 for the Netherlands, 1 in 644.1 for Australia, 1 in 331.9 for Hong Kong and 1 in 396.5 for Japan.
- The UK was the most active country for phishing attacks with 1 in 253.6 emails.
- In January, the most spammed industry sector with a spam rate of 95.1 percent was the Engineering sector.
- Spam levels for the Education sector were 92.1 percent, 91.0 percent for the Chemical & Pharmaceutical sector, 91.5 percent for IT Services, 92.3 percent for Retail, 89.3 percent for Public Sector and 90.1 percent for Finance.
- Virus activity in the Public sector fell by 0.33 percent but moved to the top of the table with 1 in 109.7 emails being infected in January.
- Virus levels for the Chemical & Pharmaceutical sector were 1 in 230.9, 1 in 353.4 for the IT Services sector, 1 in 607.2 for Retail, 1 in 187.7 for Education and 1 in 391.5 for Finance.
The January 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx. [January 25, 2010]