The Deadly Duo: Spam and Viruses, May 2006

Employee spam management accounts for up to 12.5 percent of lost time on the job, while false positives pose problems in business and personal matters alike.

When spam makes its way into the inbox of a business account, it can sap an employee’s time as they filter out unwanted messages. A “Spam Personality” survey conducted by anti-spam solutions firm Reflexion Network Solutions finds employees spend as much as one hour per day deleting spam. That’s 12.5 percent of lost time for a staffer who works 1,824 hours per year.

The survey also identifies the perils of false positives (define) which include job termination, broken relationships, missed flights and other embarrassing situations.

While spam often transmits malicious code through attachments or by tricking recipients to visit a site to infect computers, several security firms have identified a worm that infects computers when the email is opened in Yahoo Mail. The JS/Yamann-A or Yamanner JavaScript worm exploits a vulnerability in Yahoo’s mail and Web group services. While the worm was widely reported, its impact on users of the Web-based mail system was reported to be minimal.

“In this instance, Yahoo detected a worm on Monday morning (June 12), which impacted a very small fraction of Yahoo Mail users. We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers and requires no additional action on the part of the user,” said Yahoo Spokesperson Kelley Podboy.

Further remarks from Podboy assured users of the Web mail client of continued support and improvement. “Yahoo continues to take a multi-faceted approach to protecting consumers against scams and online threats throughout the use of enhanced filtering and email authentication technologies, industry collaboration, public policy efforts, and increasing consumer awareness,” she said.

Sophos said none of its users were affected by the worm. Sophos also broke the code on a ransomeware Trojan known as Troj/Arhiveus-A or MayAlert. The malicious code is known to gather files from the “My Documents” folder and replace them with a ransom note demanding money, or in this case, that a user make a purchase from one of three online drugstores. The cracked 38-character password is “mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw” or at least for this particular round of the Arhiveus-A.

In May, Viruses and worms accounted for just 12.3 percent of all malware, according to the security firm. Trojan horses accounted for 85.1 percent of threats. The long-in-circulation Netsky-P still tops the list of most circulated malware. The worm was first seen in March of 2004.

Top 10 Reported Malware, May 2006
Position Virus Percentage of Reports
1 W32/Netsky-P 16.7
2 W32/Zafi-B 11.4
3 W32/Nyxem-D 7.5
4 W32/Mytob-AS 6.3
5 (tie) W32/Mytob-P 5.3
5 (tie) W32/Mytob-M 5.3
6 W32/Netsky-D 3.7
7 W32/MyDoom-O 3.6
8 W32/Mytob-FO 2.9
9 W32/Mytob-C 2.1
Others 35.2
Source: Sophos Plc., 2006

One in every 141 emails is virus infected, down from one in every 38 emails counted in May of last year. “The proportion of virus infected email has dropped considerably over the last year as hackers have turned from mass-mailing attacks to targeted Trojan horses,” said a statement issued by the company.

Top 10 Reported Hoaxes and Chain Letters, May 2006
Position Virus Percentage of Reports
1 Olympic torch 18.6
2 Hotmail hoax 15.1
3 Justice for Jamie 4.8
4 Bonsai kitten 4.2
5 Budweiser frogs screensaver 4.1
6 Meninas da Playboy 3.8
7 MSN is closing down 3.0
8 Bill Gates fortune 2.8
9 MySpace J_Neutron07 virus 1.9
10 WTC Survivor 1.6
Others 40.1
Source: Sophos Plc., 2006

Postini filtered 25 billion email messages last month, an increase of 13 percent over April message levels. A majority 65 percent were rejected at the network layer where DHA (define) and DoS (define) attacks.

Increased levels of email traffic, and the large portion of mail being blocked outright by spam filters leads spammers to adopt new practices. “If every company has some sort of spam or virus filtering, the users are protected and can get their jobs done,” said Andrew Lochart, senior director of marketing at Postini. “When it becomes that ubiquitous, the bad guys notice, they notice the URLs in spam messages don’t get clicked, phishing Web sites get removed by the ISPs in minutes instead of hours.

“They can increase the volume of garbage that gets sent out, or they can change their techniques for how that message is composed,” said Lochart. One method that became prevalent over the past two years is to create a network of botnets (define) also known as zombies. More recently, spammers and distributors of malware have turned to attacks over instant messaging platforms.

Top Five Viruses, May 2006
Virus Name Quantity Blocked
MyTob variants 5,206,192
Netsky 2,492,450
Swen 1,340,982
Mydoom 803,051
Lovgate 788,252
Source: Postini, 2006

While zombie networks aren’t new, CipherTrust saw a 21 percent jump in the number of new zombie machines in May. The company reports over 7.5 million new zombie computers were created worldwide. The induction of new zombie machines lead to a 20 percent increase in overall email traffic. The month also saw an increase in randomized image-based stock spam messages. In these emails, spammers are using more challenging graphics-based messages to evade filters. While new zombie machines increase the volume of spam, the company’s research shows that the new image-based messages contribute to the rise in new zombie-infected computers.

“We believe there is a direct correlation between the rise of image-based spam attacks and the significant jump in the number of zombies and overall email traffic,” said Dmitri Alperovitch, research engineer at CipherTrust, in a statement. “Spammers have come up with a new method of getting past many signature-based blocking systems and they are exploiting this and cranking out more spam in the last 30 days.”

The Kaspersky Lab Online Scanner registered a handful of new threats, and the reappearance of two classics. The Hidrag.a and Redlof.a are both widespread Trojans. The older worms take longer to spread but tend to infect a large number of machines and tend to have difficult removal procedures. The firm said that while the virus made the list of most distributed threats, it may not constitute a real threat.

Online Scanner Top 20, May 2006
Position Name Percentage
1 Net-Worm.Win32.Mytob.c 27.61
2 Email-Worm.Win32.LovGate.w 10.01
3 Email-Worm.Win32.NetSky.q 6.13
4 Email-Worm.Win32.LovGate.ad 5.83
5 Email-Worm.Win32.NetSky.t 4.77
6 Email-Worm.Win32.NetSky.b 4.30
7 Net-Worm.Win32.Mytob.u 2.65
8 Net-Worm.Win32.Mytob.t 2.52
9 Net-Worm.Win32.Mytob.a 2.45
10 Net-Worm.Win32.Mytob.q 2.30
11 Net-Worm.Win32.Mytob.w 1.72
12 Email-Worm.Win32.NetSky.y 1.68
13 Email-Worm.Win32.LovGate.ah 1.51
14 Email-Worm.Win32.NetSky.x 1.27
15 Email-Worm.Win32.Scano.ab 1.20
16 Email-Worm.Win32.NetSky.aa 1.18
17 Net-Worm.Win32.Mytob.eg 1.12
18 Net-Worm.Win32.Mytob.x 1.04
19 Email-Worm.Win32.Scano.ag 0.96
20 Net-Worm.Win32.Mytob.bx 0.96
Other malicious programs 18.79
Source: Kaspersky Lab, 2006

Subscribe to get your daily business insights

Whitepapers

US Mobile Streaming Behavior
Whitepaper | Mobile

US Mobile Streaming Behavior

5y

US Mobile Streaming Behavior

Streaming has become a staple of US media-viewing habits. Streaming video, however, still comes with a variety of pesky frustrations that viewers are ...

View resource
Winning the Data Game: Digital Analytics Tactics for Media Groups
Whitepaper | Analyzing Customer Data

Winning the Data Game: Digital Analytics Tactics for Media Groups

5y

Winning the Data Game: Digital Analytics Tactics f...

Data is the lifeblood of so many companies today. You need more of it, all of which at higher quality, and all the meanwhile being compliant with data...

View resource
Learning to win the talent war: how digital marketing can develop its people
Whitepaper | Digital Marketing

Learning to win the talent war: how digital marketing can develop its peopl...

2y

Learning to win the talent war: how digital market...

This report documents the findings of a Fireside chat held by ClickZ in the first quarter of 2022. It provides expert insight on how companies can ret...

View resource
Engagement To Empowerment - Winning in Today's Experience Economy
Report | Digital Transformation

Engagement To Empowerment - Winning in Today's Experience Economy

1m

Engagement To Empowerment - Winning in Today's Exp...

Customers decide fast, influenced by only 2.5 touchpoints – globally! Make sure your brand shines in those critical moments. Read More...

View resource