Botnet Closures Fail To Stem Flow Of Spam In The First Quarter Of 2011

Published May 15, 2011

- Overview:

The closure of the Rustock botnet command centers on 16 March 2011 did not impact spam traffic as dramatically as last year’s Pushdo/Cutwail and Bredolab closures: the quantity of spam fell by 2-3 percentage points for a day or two before bouncing back again. “This could be due to the closure of SpamIt, a large pharmaceutical partner program, and the fact that Rustock, which specialized in pharmaceutical spam, may well have ceased sending out mass mailings at the end of last year. It could be that the botnet was just used for different purposes.

It is also possible that the cybercriminals themselves preferred to lie low for a while given the interest in botnets shown by law enforcement agencies in the latter stages of 2010,” explains Darya Gudkova, Head of Content Analysis & Research at Kaspersky Lab.

As a result, the amount of spam detected in mail traffic in the first quarter of 2011 averaged 78.6% - an increase of 1.4 percentage points compared with the previous quarter, though still 6.5 percentage points less than the corresponding figure for last year.

- Sources of spam:

In Q1 2011, the Asian and Latin American share of the total volume of spam worldwide grew (+2.93 and +3.85 percentage points respectively), while the amount of spam originating from eastern and western Europe fell by 5.64 and 2.36 percentage points respectively. Africa joined the list of the most active spam senders: the volume of unsolicited messages coming from African countries accounted for 3.66% of the worldwide spam total, exceeding that of the USA and Canada. These figures are in line with Kaspersky Lab’s forecasts that botnets would start shifting to regions with less effective or non-existent anti-spam legislation. However, cybercriminal activity suggests that in future, botnets will also be developed in better-protected regions, meaning they will be spread relatively evenly across the globe, much as they are now.

- Spammer tricks and techniques:

In Q1 of 2011, spammers made use of some tried and tested tricks and techniques to bypass filtering. Sending out spam emails containing a link to a video clip advertising spammer services was one of them. Another trick saw emails that read “Stop sending me spam” allegedly written by an angry recipient of spam. The email was in fact itself spam with a link leading to a spammer’s site. Unfortunately, Q1 saw some tragic events including earthquakes and a major tsunami in Japan. Needless to say, spammers tried to capitalize on these events by tricking users into parting with their money by pretending to be part of the humanitarian relief effort. (A fuller version of events related to the Japanese earthquakes and tsunami is presented in the graph “The Japan Crisis An IT Security Timeline”.)

- Malware in mail traffic:

Trojan-Spy.HTML.Fraud.gen maintained its leading position in the Top 10 rating of malicious programs distributed via mail traffic in the first quarter of 2011. This Trojan uses spoofing technology and appears in the form of an HTML page. It comes with a phishing email containing a link to a fake site resembling that of a well-known bank or e-pay system, where the user is asked to enter a login and a password that will be used by fraudsters to access his/her confidential data.

The most notable entries in the Top 10 malicious programs spread via email belonged to a mail worm family and accounted for four of the rating’s ten entries. The main purpose of malware such as this is to harvest email addresses and spread itself via mail traffic.

- Phishing:

In the first quarter of 2011 the volume of phishing emails was very small and accounted for only 0.03% of all mail traffic. PayPal and eBay remained in the unenviable position of being the organizations most frequently targeted by phishers. They were followed by Habbo, Facebook and erstwhile leader HSBC.

“Notably, in the first quarter of 2011 Google services such as Google AdWords and Google Checkout were attacked much less often. The phishers switched their attentions to the highly popular Brazilian social network Orkut which is owned by Google. The attacks on this social network reached 1.96% of the total, putting it in 12th place in the list of organizations most often targeted by phishers,” said Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab. “It is worth mentioning that user accounts belonging to Google’s services, including Orkut, are interconnected. Thus, having acquired credentials for one of these accounts, a cybercriminal can access any Google service registered to the same user.”

View the full version of Spam in the First Quarter of 2011 at Securelist.com.

For more information:

Cynthia Darwish
Account Manager
GolinHarris, Dubai
T: +971 50216 3352

Sousie Babekian
Account Executive
GolinHarris, Dubai
T: +971 50 5950735




Posted by VMD - [Virtual Marketing Department]

