Increased Spam Levels Fuelled Through Aggressive Botnet Activities

MessageLabs, a leading provider of integrated messaging and web security services to businesses worldwide, made public the results of its MessageLabs Intelligence Report for October 2006.

In this report, MessageLabs highlights the sudden increase in spam levels as spammers gear up to the holiday season, attributed to a huge rise in recent botnet activities and the latest outbreak of the Warezov virus, responsible for dropping an aggressive spam Trojan.

A spam-sending Trojan dubbed "SpamThru" is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails.

The developers of SpamThru exploited numerous tactics to eliminate detection and enhance outreach such as releasing new strains of the Trojan at regular intervals in order to confuse traditional anti-virus signatures detection.

Furthermore, SpamThru employed the "spam cannon" technique and by utilizing a template for each spam it sent out and combining it with a list of email addresses, each zombie was able to pump out millions of spam emails and avoid detection.

The other contributing factor to the increase this month was the Trojan dropper called Warezov, one of the most aggressive Trojans seen this year. The initial strain of Warezov was seen on 14 August, however the most aggressive and virulent batch of variants appeared at midnight on

26 October.

MessageLabs seized over 900,000 copies of the virus in the first 24 hours, when tens of thousands of copies of each variant were released in numerous batches. With each batch being different from the previous one, even a few bytes changed in the code allowed the Trojan to pass undetected though traditional anti-virus protection.

Being a dropper it is uncertain as to what the Trojan is being used for, however it seems clear that there is a connection with the huge rise in spam levels around the world. Whether Warezov is connected to the SpamThru Trojan remains to be seen and analysis continues.

Other report highlights:

Spam: In October, the global ratio of spam in email traffic from new and unknown bad sources was 72.9 percent (1 in 1.37 emails), an increase of

8.5 percent on the previous month. This is the sharpest rise in spam levels since January 2006, when an increase of 9.2 percent was experienced.

Viruses: The global ratio of viruses in email traffic from new and previously unknown bad sources destined for valid recipients was 1 in

100.3 emails (1.0 percent) in October, a decrease of 0.12 percent since last month. Despite these lower numbers, October witnessed the alarming attack from the Warezov Trojan, resulting in a continuous burst of new variants unable to be detected by traditional means. The net effect from Warezov was an explosion in the number of spam-sending zombies on the Internet, further aggravating an already acute spam problem.

Phishing: October showed a slight decrease of 0.06 percent in the proportion of phishing attacks compared with the previous month. One in 190 (0.53 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats, the number of phishing emails has stabilized after a significant increase of 30.7 percent in September. 52.9 percent of all malicious emails intercepted by MessageLabs in October were phishing attacks, an increase of 0.5 percent on the previous month. Phishing attacks continue to be targeted mostly at banks that have not yet deployed any two-factor authentication security measures.