The Deadly Duo: Spam and Viruses, January 2006

Many email users entered the new year with more spam. Integrated message management firm Postini released its annual report, which uses 2005 activity to provide an outlook for 2006.

Spam levels remained consistently high in 2005. Between 75 and 80 percent of all email sent through the firm’s servers falls into the spam bucket. While spam reaches every email user and every industry, the publishing sector leads other industry sectors in volume of received spam. While publishing has been on the most-wanted list for over two years, healthcare, insurance, banking and utilities each experienced significant increases in received spam.

A massive outbreak of the Sober virus late last year eclipsed all other viruses that appeared in 2005, representing 48 percent of all virus traffic for the year. During a seven-day period beginning November 29, 2005, over 218 million Sober-infected messages were quarantined. In the proceeding 30 days, over 1.2 billion attempts to send the malicious code were stopped. Those figures are from Postini, just one of many virus-protection vendors.

Four major virus attacks were recognized in January by software firm Commtouch. The firm identified 19 new significant email-borne virus attacks. Eight (42 percent) were classified as low intensity; seven (37 percent) as medium; and four (21 percent) as high. Seven variants came from just one outbreak, which demonstrates a growth in sophistication.

Spam detected in January primarily originated in the U.S. (43.18 percent); China (12.89 percent); and Korea and Germany (four percent each). Spammers used prominent email domains such as million); (4.2 million); (2.1 million); (1.9 million); and (1.5 million). Using established domains is one way spammers avoid being blocked by mail server rules.

Major Spam Categories, January 2006

| Category | % of Spam | Popular Products / Subjects |
|---|---|---|
| Pharmaceutical | 52.46 | Medical offering |
| Gifts | 14.08 | Rolex replicas |
| Enhancers & diets | 13.38 | Show her how; |
| Finance | 7.57 | Refinance your home, Your loan is approved |
| Software | 6.34 | Windows XP Pro, Photoshop, MS-Office |
| Porn & dating | 5.28 | Nasty girls date site; Have sex with locals |
| Fraud | 0.88 | eBay Inc. – Urgent Security Notification |

Source: Commtouch Software Ltd., 2006

A January recap from Sophos finds the Sober-Z worm accounted for 44.9 percent of malware for the month, though distribution died sharply on January 6. After Sober-Z subsided, the Kama Sutra worm (Nyxem-D) took hold. That virus was programmed to overwrite files on the first Friday in February.

Top Ten Viruses Reported to Sophos, January 2006

| Position | Virus | Percentage of Reports |
|---|---|---|
| 1 | W32/Sober-Z | 44.9 |
| 2 | W32/Netsky-P | 8.7 |
| 3 | W32/Zafi-B | 4.3 |
| 4 | W32/Nyxem-D | 3.6 |
| 5 | W32/Mytob-BE | 3.1 |
| 6 | W32/Mytob-FO | 2.7 |
| 7 | W32/Netsky-D | 1.7 |
| 8 | W32/Mytob-EX | 1.6 |
| 9 | W32/Mytob-C | 1.5 |
| 10 | W32/Mytob-AS | 1.3 |
| | Others | 26.6 |

Source: Sophos Plc., 2006

Top Ten Hoaxes Reported to Sophos, January 2006

| Position | Hoax | Percentage of Reports |
|---|---|---|
| 1 | Hotmail | 15.2 |
| 2 | A virtual card for you | 11.8 |
| 3 | Bonsai kitten | 11.7 |
| 4 | Meninas da Playboy | 6.5 |
| 5 | Budweiser frogs screensaver | 4.4 |
| 6 | Applebees gift certificate | 2.7 |
| 7 | Bill Gates fortune | 2.6 |
| 8 | Mobile phone | 2.3 |
| 9 | WTC survivor | 2.2 |
| 10 | MSN is closing down | 2.0 |
| | Others | 38.6 |

Source: Sophos Plc., 2006

Kaspersky Labs identified a presence of the Feebs and Nyxem families in January, though Zafi.b and Mytob.c remain high on its virus list for January.

Phishing attacks were received in high numbers in January with a strong showing of This particular message was the first on record with Kaspersky to be mass mailed for phishing purposes. Rather than a one-off mass mailing, the message was sent in repeated attacks, targeting eBay users over a several-month period.

Top 20 Virus Threats, January 2006

| Position | Name | Percentage |
|---|---|---|
| 1 | Email-Worm.Win32.Zafi.d | 29.52 |
| 2 | Net-Worm.Win32.Mytob.c | 22.62 |
| 3 | Email-Worm.Win32.LovGate.w | 6.25 |
| 4 | Email-Worm.Win32.NetSky.b | 3.89 |
| 5 | Email-Worm.Win32.Zafi.b | 2.64 |
| 6 | Net-Worm.Win32.Mytob.u | 2.62 |
| 7 | Net-Worm.Win32.Mytob.t | 2.51 |
| 8 | Email-Worm.Win32.NetSky.q | 2.32 |
| 9 | Net-Worm.Win32.Mytob.q | 1.95 |
| 10 | Net-Worm.Win32.Mytob.a | 1.66 |
| 11 | | 1.43 |
| 12 | Email-Worm.Win32.NetSky.y | 1.29 |
| 13 | Net-Worm.Win32.Mytob.h | 1.24 |
| 14 | | 1.15 |
| 15 | Net-Worm.Win32.Mytob.x | 1.09 |
| 16 | Net-Worm.Win32.Mytob.v | 1.06 |
| 17 | Net-Worm.Win32.Mytob.y | 1.01 |
| 18 | Email-Worm.Win32.Sober.y | 0.93 |
| 19 | Email-Worm.Win32.NetSky.t | 0.76 |
| 20 | Email-Worm.Win32.Bagle.dx | 0.69 |
| | Other malicious programs | 17.37 |

Source: Kaspersky Lab, 2006
