The Deadly Duo: Spam and Viruses, January 2006
2005’s elevated spam levels continue into 2006.
Many email users entered the new year with more spam. Integrated message management firm Postini released its annual report which uses 2005 activity to provide an outlook for 2006.
Spam levels remained consistently high in 2005. Between 75 and 80 percent of all email sent through the firm’s servers fall into the spam bucket. While spam reaches every email user and every industry, the publishing sector leads other industry sectors in volume of received spam. While publishing has been on the most-wanted list for over two years, healthcare, insurance, banking and utilities each experienced significant increases in received spam.
A massive outbreak of the Sober virus late last year eclipsed all other viruses that appeared in 2005, representing 48 percent of all virus traffic for the year. During a seven-day period beginning November 29, 2005, over 218 million Sober-infected messages were quarantined. In the proceeding 30 days, over 1.2 billion attempts to send the malicious code were stopped. Those figures are from Postini, just one of many virus-protection vendors.
Four major virus attacks were recognized in January by software firm Commtouch. The firm identified 19 new email-borne significant virus attacks. Eight (42 percent) were classified as low intensity; seven (37 percent) as medium; and four (21 percent) as high. Seven variants came from just one outbreak, which demonstrates a growth in sophistication.
Spam detected in January primarily originated in the U.S. (43.18 percent); China (12.89 percent); and Korea and Germany (four percent, respectively). Spammers used prominent email domains such as Hotmail.com(4.7 million); yahoo.com (4.2 million); MSN.com (2.1 million); Cisco.com (1.9 million); and Gmail.com (1.5 million). Use of established domains is one method spammers use to avoid being blocked by mail server rules.
| Major Spam Categories, January 2006 | ||
|---|---|---|
| Category | % of Spam | Popular Products / Subjects |
| Pharmaceutical | 52.46 | Medical offering |
| Gifts | 14.08 | Rolex replicas |
| Enhancers & diets | 13.38 | Show her how; |
| Finance | 7.57 | Refinance your home, Your loan is approved |
| Software | 6.34 | Windows XP Pro, Photoshop, MS-Office |
| Porn & dating | 5.28 | Nasty girls date site; Have sex with locals |
| Fraud | 0.88 | eBay Inc. – Urgent Security Notification |
| Source: Commtouch Software Ltd., 2006 | ||
A January recap from Sophos finds the Sober-Z worm accounted for 44.9 percent of malware for the month, though distribution died sharply on January 6. After Sober-Z subsided, the Kama Sutra worm (Nyxem-D) took hold. That virus was programmed to overwrite files on the first Friday in February.
| Top Ten Viruses Reported to Sophos, January 2006 | ||
|---|---|---|
| Position | Virus | Percentage of Reports |
| 1 | W32/Sober-Z | 44.9 |
| 2 | W32/Netsky-P | 8.7 |
| 3 | W32/Zafi-B | 4.3 |
| 4 | W32/Nyxem-D | 3.6 |
| 5 | W32/Mytob-BE | 3.1 |
| 6 | W32/Mytob-FO | 2.7 |
| 7 | W32/Netsky-D | 1.7 |
| 8 | W32/Mytob-EX | 1.6 |
| 9 | W32/Mytob-C | 1.5 |
| 10 | W32/Mytob-AS | 1.3 |
| Others | 26.6 | |
| Source: Sophos Plc., 2006 | ||
| Top Ten Hoaxes Reported to Sophos, January 2006 | ||
|---|---|---|
| Position | Hoax | Percentage of Reports |
| 1 | Hotmail | 15.2 |
| 2 | A virtual card for you | 11.8 |
| 3 | Bonsai kitten | 11.7 |
| 4 | Meninas da Playboy | 6.5 |
| 5 | Budweiser frogs screensaver | 4.4 |
| 6 | Applebees gift certificate | 2.7 |
| 7 | Bill Gates fortune | 2.6 |
| 8 | Mobile phone | 2.3 |
| 9 | WTC survivor | 2.2 |
| 10 | MSN is closing down | 2.0 |
| Others | 38.6 | |
| Source: Sophos Plc., 2006 | ||
Kaspersky Labs identified a presence of the Feebs and Nyxem families in January, though the Zafi.b and Mytob.c remain high on its virus list for January.
Phishing attacks were received in high numbers in January with a strong showing of Trojan-Spy.HTML.Bayfraud.hn. This particular message was the first on record with Kaspersky to be mass mailed for phishing purposes. Rather than a one-off mass mailing, the message was sent over repeated attacks, targeting eBay users over a several month period.
| Top 20 Virus Threats, January 2006 | ||
|---|---|---|
| Position | Name | Percentage |
| 1 | Email-Worm.Win32.Zafi.d | 29.52 |
| 2 | Net-Worm.Win32.Mytob.c | 22.62 |
| 3 | Email-Worm.Win32.LovGate.w | 6.25 |
| 4 | Email-Worm.Win32.NetSky.b | 3.89 |
| 5 | Email-Worm.Win32.Zafi.b | 2.64 |
| 6 | Net-Worm.Win32.Mytob.u | 2.62 |
| 7 | Net-Worm.Win32.Mytob.t | 2.51 |
| 8 | Email-Worm.Win32.NetSky.q | 2.32 |
| 9 | Net-Worm.Win32.Mytob.q | 1.95 |
| 10 | Net-Worm.Win32.Mytob.a | 1.66 |
| 11 | Trojan-Spy.HTML.Bayfraud.hn | 1.43 |
| 12 | Email-Worm.Win32.NetSky.y | 1.29 |
| 13 | Net-Worm.Win32.Mytob.h | 1.24 |
| 14 | Net-Worm.Win32.Mytob.bt | 1.15 |
| 15 | Net-Worm.Win32.Mytob.x | 1.09 |
| 16 | Net-Worm.Win32.Mytob.v | 1.06 |
| 17 | Net-Worm.Win32.Mytob.y | 1.01 |
| 18 | Email-Worm.Win32.Sober.y | 0.93 |
| 19 | Email-Worm.Win32.NetSky.t | 0.76 |
| 20 | Email-Worm.Win32.Bagle.dx | 0.69 |
| Other malicious programs | 17.37 | |
| Source: Kaspersky Lab, 2006 | ||
Please take the time to participate in ClickZ’s short reader survey, which will be live until March 3. To thank you for your participation, ClickZ will make a donation to charity on your behalf for every survey completed. Details of the charities you can nominate are provided at the end of the questionnaire.
