Home  › Email › Email Marketing

The Deadly Duo: Spam and Viruses, May 2006

  |  June 19, 2006   |  Comments

Employee spam management accounts for up to 12.5 percent of lost time on the job, while false positives pose problems in business and personal matters alike.

When spam makes its way into the inbox of a business account, it can sap an employee’s time as they filter out unwanted messages. A "Spam Personality" survey conducted by anti-spam solutions firm Reflexion Network Solutions finds employees spend as much as one hour per day deleting spam. That’s 12.5 percent of lost time for a staffer who works 1,824 hours per year.

The survey also identifies the perils of false positives (define) which include job termination, broken relationships, missed flights and other embarrassing situations.

While spam often transmits malicious code through attachments or by tricking recipients to visit a site to infect computers, several security firms have identified a worm that infects computers when the email is opened in Yahoo Mail. The JS/Yamann-A or Yamanner JavaScript worm exploits a vulnerability in Yahoo’s mail and Web group services. While the worm was widely reported, its impact on users of the Web-based mail system was reported to be minimal.

"In this instance, Yahoo detected a worm on Monday morning (June 12), which impacted a very small fraction of Yahoo Mail users. We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers and requires no additional action on the part of the user," said Yahoo Spokesperson Kelley Podboy.

Further remarks from Podboy assured users of the Web mail client of continued support and improvement. "Yahoo continues to take a multi-faceted approach to protecting consumers against scams and online threats throughout the use of enhanced filtering and email authentication technologies, industry collaboration, public policy efforts, and increasing consumer awareness," she said.

Sophos said none of its users were affected by the worm. Sophos also broke the code on a ransomeware Trojan known as Troj/Arhiveus-A or MayAlert. The malicious code is known to gather files from the "My Documents" folder and replace them with a ransom note demanding money, or in this case, that a user make a purchase from one of three online drugstores. The cracked 38-character password is "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw" or at least for this particular round of the Arhiveus-A.

In May, Viruses and worms accounted for just 12.3 percent of all malware, according to the security firm. Trojan horses accounted for 85.1 percent of threats. The long-in-circulation Netsky-P still tops the list of most circulated malware. The worm was first seen in March of 2004.

Top 10 Reported Malware, May 2006
Position Virus Percentage of Reports
1 W32/Netsky-P 16.7
2 W32/Zafi-B 11.4
3 W32/Nyxem-D 7.5
4 W32/Mytob-AS 6.3
5 (tie) W32/Mytob-P 5.3
5 (tie) W32/Mytob-M 5.3
6 W32/Netsky-D 3.7
7 W32/MyDoom-O 3.6
8 W32/Mytob-FO 2.9
9 W32/Mytob-C 2.1
Others 35.2
Source: Sophos Plc., 2006

One in every 141 emails is virus infected, down from one in every 38 emails counted in May of last year. "The proportion of virus infected email has dropped considerably over the last year as hackers have turned from mass-mailing attacks to targeted Trojan horses," said a statement issued by the company.

Top 10 Reported Hoaxes and Chain Letters, May 2006
Position Virus Percentage of Reports
1 Olympic torch 18.6
2 Hotmail hoax 15.1
3 Justice for Jamie 4.8
4 Bonsai kitten 4.2
5 Budweiser frogs screensaver 4.1
6 Meninas da Playboy 3.8
7 MSN is closing down 3.0
8 Bill Gates fortune 2.8
9 MySpace J_Neutron07 virus 1.9
10 WTC Survivor 1.6
Others 40.1
Source: Sophos Plc., 2006

Postini filtered 25 billion email messages last month, an increase of 13 percent over April message levels. A majority 65 percent were rejected at the network layer where DHA (define) and DoS (define) attacks.

Increased levels of email traffic, and the large portion of mail being blocked outright by spam filters leads spammers to adopt new practices. "If every company has some sort of spam or virus filtering, the users are protected and can get their jobs done," said Andrew Lochart, senior director of marketing at Postini. "When it becomes that ubiquitous, the bad guys notice, they notice the URLs in spam messages don’t get clicked, phishing Web sites get removed by the ISPs in minutes instead of hours.

"They can increase the volume of garbage that gets sent out, or they can change their techniques for how that message is composed," said Lochart. One method that became prevalent over the past two years is to create a network of botnets (define) also known as zombies. More recently, spammers and distributors of malware have turned to attacks over instant messaging platforms.

Top Five Viruses, May 2006
Virus Name Quantity Blocked
MyTob variants 5,206,192
Netsky 2,492,450
Swen 1,340,982
Mydoom 803,051
Lovgate 788,252
Source: Postini, 2006

While zombie networks aren’t new, CipherTrust saw a 21 percent jump in the number of new zombie machines in May. The company reports over 7.5 million new zombie computers were created worldwide. The induction of new zombie machines lead to a 20 percent increase in overall email traffic. The month also saw an increase in randomized image-based stock spam messages. In these emails, spammers are using more challenging graphics-based messages to evade filters. While new zombie machines increase the volume of spam, the company’s research shows that the new image-based messages contribute to the rise in new zombie-infected computers.

"We believe there is a direct correlation between the rise of image-based spam attacks and the significant jump in the number of zombies and overall email traffic," said Dmitri Alperovitch, research engineer at CipherTrust, in a statement. "Spammers have come up with a new method of getting past many signature-based blocking systems and they are exploiting this and cranking out more spam in the last 30 days."

The Kaspersky Lab Online Scanner registered a handful of new threats, and the reappearance of two classics. The Hidrag.a and Redlof.a are both widespread Trojans. The older worms take longer to spread but tend to infect a large number of machines and tend to have difficult removal procedures. The firm said that while the virus made the list of most distributed threats, it may not constitute a real threat.

Online Scanner Top 20, May 2006
Position Name Percentage
1 Net-Worm.Win32.Mytob.c 27.61
2 Email-Worm.Win32.LovGate.w 10.01
3 Email-Worm.Win32.NetSky.q 6.13
4 Email-Worm.Win32.LovGate.ad 5.83
5 Email-Worm.Win32.NetSky.t 4.77
6 Email-Worm.Win32.NetSky.b 4.30
7 Net-Worm.Win32.Mytob.u 2.65
8 Net-Worm.Win32.Mytob.t 2.52
9 Net-Worm.Win32.Mytob.a 2.45
10 Net-Worm.Win32.Mytob.q 2.30
11 Net-Worm.Win32.Mytob.w 1.72
12 Email-Worm.Win32.NetSky.y 1.68
13 Email-Worm.Win32.LovGate.ah 1.51
14 Email-Worm.Win32.NetSky.x 1.27
15 Email-Worm.Win32.Scano.ab 1.20
16 Email-Worm.Win32.NetSky.aa 1.18
17 Net-Worm.Win32.Mytob.eg 1.12
18 Net-Worm.Win32.Mytob.x 1.04
19 Email-Worm.Win32.Scano.ag 0.96
20 Net-Worm.Win32.Mytob.bx 0.96
Other malicious programs 18.79
Source: Kaspersky Lab, 2006

ClickZ Live New York What's New for 2015?
You spoke, we listened! ClickZ Live New York (Mar 30-Apr 1) is back with a brand new streamlined agenda. Don't miss the latest digital marketing tips, tricks and tools that will make you re-think your strategy and revolutionize your marketing campaigns. Super Saver Rates are available now. Register today!

ABOUT THE AUTHOR

Enid Burns

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Email newsletters delivered right to your inbox. Subscribe today!

COMMENTS

UPCOMING EVENTS

UPCOMING TRAINING

Featured White Papers

Google My Business Listings Demystified

Google My Business Listings Demystified
To help brands control how they appear online, Google has developed a new offering: Google My Business Locations. This whitepaper helps marketers understand how to use this powerful new tool.

5 Ways to Personalize Beyond the Subject Line

5 Ways to Personalize Beyond the Subject Line
82 percent of shoppers say they would buy more items from a brand if the emails they sent were more personalized. This white paper offer five tactics that will personalize your email beyond the subject line and drive real business growth.

WEBINARS

    Information currently unavailable

Jobs

    • Lead Generation Specialist
      Lead Generation Specialist (The Oxford Club) - BaltimoreThe Oxford Club is seeking a talented writer/marketer to join our growing email lead-generation...
    • Health Marketing Editor
      Health Marketing Editor (Agora Inc.) - BaltimoreCome flex your intellectual muscle as part of Agora, Inc’s (http://agora-inc.com/) legal team...
    • Technical Business Analyst
      Technical Business Analyst (OmniVista Health) - BaltimoreOmniVista Health is looking to add a Technical Business Analyst to our expanding team...