The Deadly Duo: Spam and Viruses, October 2005

New opportunities for intruders arose in October. In addition to ports open to bad operators, malware found a place to hide from security software. Rootkit (define) software used by Sony BMG Music Entertainment to handle digital rights management (DRM) (define) on content-protected CDs allowed certain Trojans to hide behind Sony’s copy-protection code.

Security software firms including Sophos and Symantec were quick to provide protection to users vulnerable to attack. However Sophos Senior Technology Consultant Graham Cluley said the firm wouldn’t be surprised if more malware authors try to take advantage of the security hole. A survey of 1,500 business PC users conducted by Sophos cited Sony’s DRM copy protection as a security threat (98 percent) rather than a fair way to fight music pirates (two percent). The Sony unit discontinued using the DRM software and will allow exchanges for consumers who purchased the discs.

Additional warnings from Sophos included a “health warning” in reaction to a high number of spam emails selling drugs claiming to combat bird flu.

Symantec found North America to have the highest percentage of spam sent in October. North America accounted for 54 percent of spam sent worldwide; Asia dispersed 24 percent; 18 percent of spam originated in Europe; and South America, Australia and Oceania and Africa were responsible for less than five percent combined.

Click on graphic to view chart

The high percentage of spam hailing from North America is attributed to widespread accessibility to cheaper broadband connectivity. Much of the spam is likely sent from hijacked desktop computers.

The holiday season means more interest in gifts than pharmaceuticals, a trend spammers recognize. Commtouch found spam hawking gifts topped pharmaceuticals for the first time in over two years. In October, spam accounted for 74 percent of Commtouch’s global user base email traffic. Spam accounted for 82 percent of all incoming messages to personal accounts, 62 percent in corporate inboxes. Corporate America receives the most spam; 86 percent of incoming mail is classified as spam. Holland follows with 78 percent. Austria (29 percent) and Hungary (36 percent) receive the lowest percentages of spam.

Top Sent Spam Categories, October 2005
Topic	Percentage	Popular Examples
Gifts	21.08	Replicas of brand names (Rolex, Louis Vuitton)
Pharmaceuticals	19.93	“Your doc thinks you’re a millionaire”
Sexual enhancers and dieting	19.69	“What every woman has been looking for”
Finance	18.77	Mortgage refinancing
Porn and dating	12.63	“Don’t be lonely for another minute”
Software	3.47	Low-cost Microsoft Windows and Office software
Fraud	2.09	Stock recommendation, 419 scams, phishing
Other	2.34
Source: Commtouch, 2005

October saw new malicious programs surface. Kaspersky Lab analysts added 1,400 new records to their anti-virus databases. The top 20 viruses includes a few Doombots, including one originally thought to be a variant of the Mytob virus. Three late-entry variants of the email worm Win32.Sober pose a threat to users. The Sober.u, Sober.v, and Sober.w variants will likely top the list of threats in the next month.

Top 20 Virus Threats, October 2005
Rank	Virus	Percentage
1	Net-Worm.Win32.Mytob.c	14.56
2	Email-Worm.Win32.Doombot.b	10.27
3	Email-Worm.Win32.Zafi.d	7.92
4	Net-Worm.Win32.Mytob.bi	6.80
5	Email-Worm.Win32.LovGate.w	5.27
6	Email-Worm.Win32.NetSky.q	3.66
7	Email-Worm.Win32.Doombot.d	3.27
8	Email-Worm.Win32.NetSky.b	3.08
9	Net-Worm.Win32.Mytob.bk	3.03
10	Net-Worm.Win32.Mytob.t	2.51
11	Net-Worm.Win32.Mytob.y	2.35
12	Net-Worm.Win32.Mytob.be	2.22
13	Net-Worm.Win32.Mytob.q	2.10
14	Net-Worm.Win32.Mytob.u	2.08
15	Email-Worm.Win32.Zafi.b	1.59
16	Email-Worm.Win32.Fanbot.f	1.46
17	Email-Worm.Win32.Bagle.dx	1.24
18	Trojan-Spy.HTML.Bayfraud.hn	1.22
19	Net-Worm.Win32.Mytob.r	1.20
20	Email-Worm.Win32.NetSky.aa	1.16
	Other malicious programs	23.01
Source: Kaspersky Lab, 2005