The Deadly Duo: Spam and Viruses, July 2005

Heightened spam and virus activity in July follows a cyclical pattern established over the past several years. Several software security firms noticed elevate activities in July.

On a year-over-year basis, Commtouch reports it found 43 percent more spam in July, 2005 than in July last year, and 20 percent more than in June, 2005. Spam is on the rise and is apparently more health-oriented. Commtouch finds 31 percent of spam content is now pharmaceutical-related. Financing offers come in at nearly 18 percent, while offers for various types of sex enhancers represent nearly 15 percent of volume (up from 10 percent last month). Porn-related spam now accounts for nine percent, down dramatically from 19 percent in June. Other firms noticed a decline in pornographic spam last month including Clearswift, which pegged June’s porn spam at five percent.

Spam continues to flow from all regions of the globe. China (19 percent), South Korea (17 percent), and the U.S. (15 percent), continue as top sources for spam origination, according to Commtouch.

’Bot networks of compromised computers taken over by viruses and other exploits that are used for spamming and other malicious purposes continue to be a worldwide problem. Seoul, South Korea leads all other nations with the most ’bot-infected PCs. In July 2005, the city accounted for four percent of the world’s total, according to Symantec. Winsford and London, both in the U.K, rank second and third respectively with four and three percent of total number of global ’bots. In North America, Toronto, Canada holds the top spot for ’bot infected PCs, though it only ranked 13th globally. New York was the North American second, ranking 19th globally.

According to Postini, July also marked the highest recorded level of phishing emails in a given month. The July total was 16 percent higher than in June, 2005, when the previous record was set. The news isn’t all bad. Postini says the number of virus-infected messages actually declined 20 percent in July in comparison to June.

Netsky, Mytob and Zafi variants continue to dominate top 10 virus lists at multiple security vendors. According to Patrick Hinojosa, CTO of Panda Software, his firm didn’t have any notable virus events in July.

“It has been quiet,” Hinojosa told ClickZ Stats.

July’s relative quiet may well be the calm before the storm. Panda Software warns August has traditionally been a month in which many damaging attacks occur. Last year, August saw the introduction of Bagle.AH, Mydoom.N and Bagle.AM. Previous August introductions have included Sircam, CodeRed, Minmail, Sobig.f, and Blaster.

“We’ve noticed in some years an uptick in August in launches of malicious software,” Hinojsa explained. “In the past, it’s been email worm viruses.”

Most Prevalent Viruses on the Web, July 2005
Postini	Kaspersky	Sophos	Panda
mytob	Email-Worm.Win32.NetSky.q	W32/Netsky-P	W32/Sdbot.ftp
netsky	Net-Worm.Win32.Mytob.c	W32/Mytob-AS	Exploit/Mhtredir.gen
bankfraud	Email-Worm.Win32.Zafi.b	W32/Mytob-BE	W32/Netsky.P.worm
mime	Email-Worm.Win32.Zafi.d	W32/Mytob-EP	W32/Gaobot.gen.worm
bagle	Net-Worm.Win32.Mytob.be	W32/Zafi-D	Trj/Qhost.gen
zafi	Net-Worm.Win32.Mytob.bk	W32/Mytob-CX	VBS/Psyme.C
mydoom	Email-Worm.Win32.NetSky.aa	W32/Netsky-D	Exploit/Mhtredir.BS
lovgate	Net-Worm.Win32.Mytob.bt	W32/Mytob-CJ	W32/Smitfraud.B
klez	Email-Worm.Win32.NetSky.b	W32/Mytob-CN	Trj/Downloader.DEW
bagz	Net-Worm.Win32.Mytob.bi	W32/Mytob-AT	W32/Parite.B
Source: Postini, Kaspersky Lab, Sophos, and Panda Software, 2005

Popular Spam Topics:
Category	Prevalence (%)	Typical Themes
Pharmaceutical	31.16	Viagra, Xanax, Cialis
Financing	17.53	Mortgage, generic loans
Sex enhancers	14.55	“Surprise your girlfriend today”
Porn and dating	8.71	Teen Webcams, bored housewives
Software	8.53	Microsoft, Macromedia
Gifts and shopping	6.82	Watch replicas, cigarettes, tobacco
Computer hardware and electronics	0.63	Cameras, iMac, iPod
Stocks	0.52	Pump-and-dump schemes
Source: Commtouch, 2005