MOUNTAIN VIEW, Ca. – In Symantec’s October Monthly Spam report, the most significant finding was the percentage of malware detected in all e-mail messages increased 12-times.
Between June and September, the amount of malware detected in scanned e-mail messages increased from a tenth of a percent in June to 1.2 per cent in of September. The increase in the number of spam messages containing URL links to malware were designed to infect other computers with viruses and Trojans instead of promoting a spam product.
Dermot Harnett, principal analyst with Symantec, also noted that spammers were also sending e-mail messages with attachments in order to spread malicious code. The majority of this malware appeared in zip and RAR file payloads and was detected by antivirus filters. After zip and RAR files, the next most common payload vector for malware was those that were imbedded in the source code of e-mail messages.
He reiterated, as a general rule of thumb, the caveat that people should never open links or attachments from unknown senders.
Symantec also noted an interesting trend with the number of active zombies and their presence around the world. Zombies are a computer that has been compromised and is being used for various criminal-related interests such as sending spam, hosting websites that advertise spam and acting as DNS servers for zombie hosts.
In August of this year, when compared to July of this year, Symantec noted a 37 per cent drop in the active zombie population. However, in September, there was a 101 percent increase in the number of active zombies sending spam.
For this period, the EMEA region was the leading source of all zombie IP addresses. Of the countries making up the EMEA region, Turkey was the top producing country. For the other regions the top producers were Brazil in Latin America, United States in North America and India in Asia-Pacific and Japan.
South Korea led the list with a 4236 per cent increase in zombie machines. Turkey and China also showed a 310 per cent and 229 per cent increase respectively over the past month.
“In Europe, broadband usage is taking off so there is a link between that and the increase in zombies,” said Harnett.
He added that the increase in the amount of zombies also coincides with the increase in e-mail messages carrying links to downloadable exploits which were characterized by their use of sensational news headlines. It also coincides with an increase in e-mail messages carrying attached viruses in the form of zip and RAR files.
Speaking of sensational news headlines, Symantec also noted an increase in spam that exploits the current economic worries. As news of the economy continues to dominate headlines, it is apparent that spammers will continue to use this angle to try and exploit e-mail users in order to collect personal information from their targets.
“We expect [this spam] to continue as people talk [about the economy] in their homes,” noted Harnett.
The U.S. presidential election is also seeing its far share of spam as the November 4 election date nears. During August and September 2008, Symantec noted that the activities of the candidates were being used to spread malware. In January 2008, Symantec reported presidential polling scams promising gift cards and t-shirts in exchange for opinions on the election. During September 2008, this scam continued.
Harnett said that when the election is over, spammers will move on to the next event and warns people to be prepared for an influx of Halloween spam, Thanksgiving spam and Christmas spam that will be coming to their inboxes in the coming months.
This column was written by Vanessa Ho of ConnectIT, an IntegratedMarCompany
a>>
