The Deadly Duo: Spam and Viruses, March 2007
Spam levels reach 93 percent of all e-mail in March, fueled by botnets.
Spam levels reach 93 percent of all e-mail in March, fueled by botnets.
Total spam has increased 222 percent since November 2005 with 125 percent of the spike occurring in the last six months, according to data from Postini. Spammer objectives, over time, shifted from distributing self-propagating Internet worm viruses to creating botnets (define), which in turn disseminate more spam, with the goal of converting additional botnets.
“By sending massive quantities of these emails timed with specific mainstream or newsworthy events, hackers only need a tiny fraction of these emails to get through and trick users into clicking on the attachment and infecting their PC,” a Postini report said.
Botnet data are substantiated by a Ferris Research report detailing the cost of spam in the U.S. and on a global scale. Costs associated with spam, including productivity loss, are estimated at $17 billion in 2005 for U.S. businesses. That’s up from $10 billion in 2003.
A dramatic increase in new pieces of malware (define) was observed by Sophos. While Sophos-identified threats in Q1 2007 reached 23,864, double the volume of the same quarter last year, the percentage of infected e-mail has dropped. Infected e-mail occurs in 1 in every 256 e-mail messages, or 0.4 percent, compared to 1 in every 77 e-mail messages, or 1.3 percent, in 2006.
Threats occur increasingly on Web sites. A daily average of 5,000 new infected sites appeared between January and March this year. “This route to infection is becoming more popular with cybercriminals,” a Sophos report said. “With computer users becoming increasingly aware of how to protect against e-mail-aware viruses and malware, hackers have turned to the Web as their preferred vector of attack.”
Hackers create a portion of infected Web; however, 70 percent of sites containing malicious code are legitimate ones vulnerable to attack from a lack of updated patches and poor coding and maintenance.
Kaspersky Lab observes three distinct malicious programs in high circulation over the past few months increasing in volume. Each division group competes with the others for dominance. Three threat families dominating the top 20 are the Warezov worms, Bagle, and Zhelatin variants. Older malicious programs are beginning to reenter circulation.
Top 20 Viruses, March 2007 | ||
---|---|---|
Position | Name | Percentage |
1 | Trojan-Spy.HTML.Bankfraud.ra | 31.93 |
2 | Email-Worm.Win32.NetSky.q | 13.96 |
3 | Email-Worm.Win32.Bagle.gt | 10.69 |
4 | Email-Worm.Win32.NetSky.t | 8.50 |
5 | Email-Worm.Win32.Warezov.jx | 8.23 |
6 | Email-Worm.Win32.NetSky.aa | 3.89 |
7 | Net-Worm.Win32.Mytob.c | 2.32 |
8 | Email-Worm.Win32.Scano.gen | 1.60 |
9 | Email-Worm.Win32.NetSky.b | 1.38 |
10 | Email-Worm.Win32.Mydoom.l | 1.32 |
11 | Exploit.Win32.IMG-WMF.y | 1.25 |
12 | Worm.Win32.Feebs.gen | 1.22 |
13 | Email-Worm.Win32.Warezov.do | 1.20 |
14 | Email-Worm.Win32.NetSky.x | 1.03 |
15 | Email-Worm.Win32.Mydoom.m | 0.88 |
16 | Email-Worm.Win32.Zhelatin.dam | 0.82 |
17 | Email-Worm.Win32.Bagle.gen | 0.78 |
18 | Net-Worm.Win32.Mytob.bt | 0.63 |
19 | Net-Worm.Win32.Mytob.dam | 0.53 |
20 | Packed.Win32.PePatch.gr | 0.51 |
Other malicious programs | 7.33 | |
Source: Kaspersky Lab, 2007 |