The Deadly Duo: Spam and Viruses, November 2006

This holiday season, spammers are increasing their efforts faster than online spending is growing. The Malware Research Center, a part of PC Tools Solftware, estimates a 41 percent increase in spy- and malware this season, compared to an estimated 25 percent increase in online shopping.

Enterprise-class application security appliance vendor Barracuda Networks reports an increase in spam volume of 67 percent in the past month, and a 500 percent increase in image spam since August.

The company said spam has nearly tripled in volume since the CAN-SPAM act. In December 2003 when it was passed, spam accounted for between 30 and 35 percent of all e-mail. Just three years later, spam volumes have increased to between 85 and 90 percent of all e-mail on the Web.

Sophos warns of an image spam campaign using Microsoft’s new operating system, Windows Vista. as bait. Spam recipients are told they can save $319.05 by downloading a version.

The “2006 Annual MessageLabs Intelligence Report” issued by MessageLabs warns of the “relentless escalation of spam activity throughout the year.” It places the annual average spam levels at 86.2 percent. The increase in traffic is attributed to a higher sophistication of botnets and new targeted techniques. The report breaks out the top trends in 2006.

  • Spam: The average spam rate was 86.2 percent; botnets accounted for 80 percent of all spam; 63.4 percent of spam came from unknown sources; geel spam emerged as a means to attract more sophisticated recipients with the use of technology-savvy buzzwords.
  • Viruses:The Nyxem.E virus, also known as MyWife.D, Blackworm or Kama Sutra, was the standout virus in a year of few major outbreaks. The average annual virus rate was one in 67.9, down from one in 36.2 messages in 2005.
  • Phishing: Phishing attacks peaked at one in every 274.2 e-mails, or 24.8 percent of all malicious e-mail intercepted by MessageLabs. The occurance of phishing e-mails is up from 10.6 percent in January to 68.6 percent by the close of 2006.
  • Geographic Trends: Israel had the highest average spam rate with 73.2 percent. Last year, the U.S. and Canada were responsible for the greatest amount of spam. Australia (48.1 percent); Hong Kong (71.7 percent); and Singapore (50.7 percent) together experienced the greatest increases in year-over-year spam rates.
  • Vertical/Industry Trends: Business support services were under constant fire of virus and spam attacks this year. The annual virus rate in the sector reached 9.26 percent, and average spam rate was 60.9 percent.

Predictions for 2007

  • A further convergence of threats will develop over 2007. E-mail security will become tighter, though criminals will send more malicious e-mails with URL links aimed to slip under the security radar.
  • Virus rates are expected to continue to fall. The strategy is unnecessary in the creation of botnets.
  • Ransomware, or malicious software that will encrypt files and documents until payment is made to an extortionist, will become a larger threat as technology used by criminals becomes more sophisticated and unbreakable.
  • Spam is expected to become more targeted, sectors like finance and legal will likely fall under the same threats affecting the IT and other sectors.
  • ICANN will continue to be exploited through loopholes, and domain kiting will continue to flip domains by island-hopping or using other means of turnover.
  • Botnets will be engineered to be resilient, allowing criminals to maintain control of zombie computers.
  • The number of worms targeting the Mac OS X will rise in early 2007.
  • The availability of “off the shelf” kits for less tech-savvy spammers will increase, and in turn increase the number of criminals that security experts have to battle.
  • VoIP threats are expected to emerge late in the year as adoption of the digital phone service grows.

November marked the appearance of the Warezov.gj worm. It was detected by Kaspersky Lab on November 22. Within three weeks it became the most widespread virus accounting for 18 percent share of traffic. In the same period, the worm Nyxeum.e returned to circulation and held a 9.89 percent share of traffic.

Top 20 Viruses, November 2006
Position Name Percentage
1 Email-Worm.Win32.Warezov.gj 18.27
2 Email-Worm.Win32.Warezov.ev 14.88
3 Email-Worm.Win32.Nyxem.e 9.89
4 Email-Worm.Win32.NetSky.t 7.54
5 Email-Worm.Win32.Scano.gen 6.57
6 Net-Worm.Win32.Mytob.c 5.68
7 Email-Worm.Win32.NetSky.q 5.25
8 Email-Worm.Win32.Zafi.b 4.40
9 Email-Worm.Win32.NetSky.aa 2.77
10 Net-Worm.Win32.Mytob.t 2.01
11 Email-Worm.Win32.LovGate.w 1.48
12 Email-Worm.Win32.NetSky.b 1.41
13 Email-Worm.Win32.Warezov.fh 1.29
14 Trojan-Spy.HTML.Bankfraud.od 1.08
15 Net-Worm.Win32.Mytob.u 1.04
16 0.97
17 0.87
18 Email-Worm.Win32.Mydoom.l 0.77
19 Email-Worm.Win32.Bagle.gen 0.76
20 Net-Worm.Win32.Mytob.w 0.73
Other malicious programs 12.34
Source: Kaspersky Lab, 2006

Related reading