MessageLabs reports spike in botnet activity for February 2009
By SearchSecurityAsia editors | Feb 25, 2009
The February 2009 MessageLabs Intelligence Report highlighted that, although spam declined by 1.3% to 73.3% of all emails in February, levels as high as 79.5% were experienced at the start of the month due to a spike in botnet activity and spammers leveraging the financial crisis and Valentine’s Day for their latest spam antics.
“February saw the spammers pulling at both the heart and the purse strings with the emphasis on Valentine’s Day and the global recession. Although spam levels declined slightly this month, the level of activity around Valentine’s themed spam reached unprecedented highs accounting for 9% of all spam messages,” said Paul Wood, MessageLabs Intelligence senior analyst, Symantec.
“With the financial crisis front of mind for many organizations and consumers, spammers and phishers are using this topic to their advantage and targeting people when times are tough.”
For the first time in more than a year, February saw the re-appearance of search engine re-directs which topically referenced the financial crisis. The ‘recession spam’ email messages contained text such as “Money is tight, times are hard. Christmas is over. Time to get a new watch!” The phishing community also used the current financial climate to their advantage; at a time when concerned consumers may not be surprised to hear from their banks, phishing attacks have risen to one in 190.4 emails, from one in 396.2 in January 2009.
Since the beginning of February, the proportion of Valentine’s Day themed spam rose from 2 % to more than 9 %, with the vast majority of this type of spam, almost 7 %, originating from the Cutwail (Pandex) botnet. Currently the largest botnet, Cutwail dedicated approximately 90 % of its output to Valentine’s Day messages, estimated at 7 billion each day.
Finally, MessageLabs Intelligence intercepted a new technique involving forged headers on targeted Trojan attacks. Added to an email as it is passed between two mail servers, headers act as a vapor trail so that the path of that email can be tracked. Because many attackers do not bother to include headers as a means of falsely authenticating their emails, the use of real-world examples in the most recent attempts made the email stand out as suspicious.
Other report highlights included:
Web security: Analysis of Web security activity shows that 26.1 % of all web-based malware intercepted was new in February. MessageLabs Intelligence also identified an average of 941 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 22.1 % since January.
Spam: In February 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 73.3 % (1 in 1.36 emails), a decrease of 1.3 % since January.
Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 304.9 emails (0.33 %), a decrease of 0.06 % since January. In February, 3.7 % of email-borne malware contained links to malicious sites, a decrease of 7.6 % since January.
Phishing: One in 190.4 (0.53 %) emails comprised some form of phishing attack, rising significantly since January 2009 levels of one in 396.2 emails. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 3.4 % to 61.6 % of all email-borne malware threats intercepted in February.
- Spam levels in France fell by 9.2 % in February; however, France retained its position as the most spammed country with levels reaching 74.6 % of all email.
- All countries received a slight reprieve from spam this month with spam levels in the US falling to 57 %, 52.6 % in Canada and 66.6 % in the UK. Germany’s spam rate reached 69.1 % and 67.4 % in the Netherlands. Spam levels in Australia were 68.5 %, 72.8 % in Hong Kong, 67.8 % in China and 65.6 % in Japan.
- Virus activity in India rose by 0.16 % to 1 in 197.4 emails, placing it in the top position for viruses.
- Virus levels for the UK were 1 in 213.3, 1 in 424.5 for the US, 1 in 217.1 for Canada and 1 in 573.8 for Australia. Virus levels for Germany were 1 in 203.6 and in Japan they reached 1 in 450.8.
- In February, the most spammed industry sector with a spam rate of 67.9 % was the Education sector.
- Chemical and Pharmaceutical sector spam levels reached 59.8 %, 63.3 % for Retail, 62.5 % for Public Sector and 58.9 % for Finance.
- Virus activity in the Accommodation & Catering sector rose by 0.42 %, taking the vertical to the top of the table with 1 in 95.5 emails being infected.
- Virus levels for the IT Services sector were 1 in 347.5, 1 in 356.4 for Retail and 1 in 505.5 for Finance.