Botnets were behind 95 per cent of spam during August, as email-bound spam increases

News by Dan Raywood

The UK has been responsible for 4.5 per cent of spam sent during August.

Symantec's August 2010 MessageLabs Intelligence Report revealed that the UK is now the fourth most frequent source of spam behind the US, India and Brazil. Paul Wood, MessageLabs Intelligence senior analyst at Symantec Hosted Services, said that despite this rise in spam, the US is home to the greatest number of bots, most notably Rustock, which doubled its number of controlled computers from seven per cent in April to 14 per cent by August.

He said: “We have seen impressive activity from the usual botnet suspects, and in many cases there are likely to be newer incarnations of existing botnets that have been updated and there are also likely to be some brand new botnets that are now beginning to emerge.”

The percentage of spam sent from botnets has increased to 95 per cent of all spam, up from 84 per cent in April. Rustock remains the most dominant spam-sending botnet, with 41 per cent in August, up from 32 per cent in April.

Wood said that one factor in the increased throughput from Rustock is that the botnet has stopped using TLS encryption to send spam, thus speeding up connections. At its peak in March, TLS-encrypted spam accounted for 30 per cent of spam from all sources and as much as 70 per cent of spam from Rustock. Now that the use of TLS in spam-sending has declined, it accounts for less than 0.5 per cent of all spam.

“It is likely that because TLS slows connections due to the additional encryption processing required to send a spam email, the botnet controllers realised that this tactic impeded their spam sending capabilities. As a result, Rustock's dominance has never looked better, as its spam-per-bot-per-minute rate more than doubled from 96 spam emails to 192,” he said.

The report found that in August, the global ratio of spam in email traffic from new and previously unknown bad sources was 92.2 per cent, an increase of 3.3 per cent since July. Also in August, 21.2 per cent of email-borne malware contained links to malicious websites, an increase of 4.1 per cent since July.

Analysis of web security activity shows that 34.3 per cent of malicious domains blocked were new in August, an increase of 3.8 per cent since July. MessageLabs Intelligence also identified an average of 3,360 new websites per day harbouring malware and other potentially unwanted programs such as spyware and adware; this was a decrease of 24.1 per cent since July.

Asked if he thought the threat landscape was getting worse, Eric Olson, vice president of solutions assurance at Cyveillance, said: “I believe it is getting worse, and will continue to not only get worse, but the pace will accelerate in its sophistication and resources and the profit motives which we are focusing on is staggering.

“Botnets are criminal operations, and comments that a computer is ‘botted’ means that the cyber criminal is working for free, they do not have employees, do not pay taxes and do not take holidays. The good guys go home at 5pm, the bad guys are at work 24 hours a day and the attacks keep on coming.”
