The Deadly Duo: Spam and Viruses, December 2006

The close of 2006 brought out a number of threats to e-mail users. The Internet Complaint Center, a government unit which works with the FBI, noted the spread of a worm identified as Warezov/Stration. The e-mail identifies malicious activity from the user’s computer and contains an attachment purporting to clean the affected machine. The attachment contains a Trojan, which then uses the computer to perform malicious activity.

A new phishing scam circulating the Web poses as a message claiming eBay will close on February 27 unless half of the site’s members vote to keep the auction site open. Sophos identified the e-mail as an attempt to steal user names and passwords from unsuspecting recipients.

Globally, the U.S. is measured as the highest relayer of spam messages and host to the most Web sites containing malware. Last year, the U.S. accounted for 34.2 percent of malware-containing Web sites; China was second, with 31 percent of malware-laden sites.

The U.S. (22 percent) and China (15.9 percent) rank highest in terms of spam-relaying countries. About 90 percent of all spam originates from zombie-infected computers.

Top 12 Spam-Relaying Countries, January 2007
Position Country Percentage (%)
1 United States 22.0
2 China (incl. Hong Kong) 15.9
3 South Korea 7.4
4 France 5.4
5 Spain 5.1
6 Poland 4.5
7 Brazil 3.5
8 Italy 3.2
9 Germany 3.0
10 United Kingdom 1.9
11 Russia 1.8
12 Taiwan 1.8
Others 24.4
Source: Sophos, 2007.

Malicious code may be prevalent on the Web. Finjan finds malicious code hidden by dynamic code obfuscation: obscuring code, or making it unclear with extraneous information, in order to evade the ability of security vendors to detect and counter encrypted malicious code.

Symantec raised the risk level of Trojan.Peacomm, or the “storm worm,” to a category 3 threat. The speed and volume at which it’s being disseminated, as well as the rate at which new versions are appearing, raised concern. The malware appears to originate from Russia with the intention of running pump-and-dump scams to raise money.

According to Kaspersky, December was business-as-usual in terms of virus activity. A number of Warezov variants rose to the top three positions of viruses distributed across the Web. The Online Scanner was dominated by Trojan dialers, which took the top four ranks based on volume.

Online Scanner Top 20 for December 2006
Position Name Percentage (%)
1 Trojan.Win32.Dialer.cj 14.56
2 Trojan.Win32.Dialer.hz 10.27
3 Net-Worm.Win32.Mytob.c 7.92
4 6.80
5 Email-Worm.Win32.Rays 5.27
6 Email-Worm.Win32.Mydoom.m 3.66
7 Trojan.Win32.Dialer.a 3.27
8 3.08
9 Email-Worm.Win32.Brontok.q 3.03
10 Trojan.Win32.Dialer.hh 2.51
11 2.35
12 2.22
13 Trojan-Downloader.Win32.Small.dam 2.10
14 Trojan-Downloader.Win32.Tiny.fb 2.08
15 Trojan.Win32.Dialer.on 1.59
16 Email-Worm.Win32.Warezov.fb 1.46
17 Trojan.Win32.Dialer.qi 1.24
18 Trojan-Downloader.Win32.INService.gen 1.22
19 not-a-virus:PSWTool.Win32.RAS.a 1.20
20 Email-Worm.Win32.Scano.bk 1.16
Other malicious programs 84.91
Source: Kaspersky Lab, 2007
