According to a report released today by Commtouch, malware sent via email increased by 400% in the last week of March 2011. Commtouch says this significant increase was detected two weeks after the Rustock botnet was taken down.
The rustock botnet was taken down in early March by an effort headed by Microsoft in cooperation with authorities and the legal system. Following the takedown, when the Rustock botnet was no longer cranking out spam by the billions, global spam volumes fell by one-third.
In its quarterly Internet Threats Trend Report, Commtouch, as other security vendors have noted, said that overall spam activity dropped around the New Year but rose significantly after the holiday period. From January to mid-March, spam averaged 168 billion emails per day until Rustock was eliminated, dropping spam to an average of nearly 119 billion messages daily. Zombie activity also dropped significantly after Rustock was taken down, but large increases of enslaved computers became evident following the malware outbreak at the end of the quarter.
Symantec’s MessageLabs unit reported that toward the end of 2010, Rustock had been responsible for as much as 47.5% of all spam, sending approximately 44.1 billion e-mails per day, according to MessageLabs stats.
“Botnets are an essential part of cybercriminal infrastructure, providing vast computing resources, bandwidth and anonymity,” said Asaf Greiner, Commtouch vice president of products. “Botnet takedowns will almost always result in significant attempts at rebuilding, to allow criminal operations to continue.”
Commtouch says that the first three months of 2011 were witness to a range of varied attempts to distribute malware including:
• Mass mailings of “parcel tracking information” purporting to come from UPS and DHL accounted for 30% of all emails sent during the peak of the outbreak
• Facebook chat messages from compromised user accounts led to phony Facebook applications and ultimately virus files
• PDF files with embedded script malware mimicked Xerox scanned documents
• The “Kama Sutra” virus tempted recipients with an explicit PowerPoint presentation
• T-Online’s personal homepage feature was abused to redirect visitors to fake antivirus downloads
Additional highlights from the Commtouch April 2011 Trend Report include:
• Spam levels averaged 149 billion spam/phishing messages per day during Q1, compared to the 142 billion spam/phishing messages per day in Q4 2010 and 198 billion in Q3 2010.
• Approximately 258,000 zombies were activated daily during Q1, a decrease compared to the 288,000 zombies in Q4 2010 and 339,000 during Q3 2010.
• The most popular spam topic in Q1 was again pharmacy ads representing 28% of all spam, down from 42% in Q4 2010.
• India keeps its title for the third quarter in a row as the country with the most zombies – 17% of all zombies worldwide.
• Parked domains were the website category most likely to contain malware.
• Streaming media/downloads continues to be the most popular topic for blog creators in the Web 2.0 sphere of user-generated content, with 21% of the generated content.
Commtouch’s quarterly trend report reflects the results of its analysis of billions of Internet transactions daily within the company’s cloud-based GlobalView™ Network.
