The Deadly Duo: Spam and Viruses, October 2006

Anti-spam companies identified a pattern where spammers jump to new TLDs (define) after using existing ones for a matter of hours. McAfee Avert Labs noticed spammers registering for domains on small islands with their own TLDs. Domains are registered at such islands as Tokelau (.tk); Isle of Man (.im); and Sao Tome and Principe (.st) and used for as little as one hour.

“[Spammers] literally hop between domain registrations in order to evade filters,” said David Marcus, security research and communications manager at McAfee Avert Labs. “They’re really thinking two or three steps ahead to avoid the filters.”

Use of small-island domains may be on the rise, but a statement released by the European Commission calls for increased efforts among member states to fight spam. Despite extensive European Union legislation, the member countries continue to “suffer from illegal online activities from inside the EU and from third countries,” the commission said in the statement. It cites the “Dirty Dozen” from Sophos to outline the top countries for their spam output.

Top Spam-Relaying Countries, July-September, 2006
Position Country Percentage %
1 United States 21.6
2 China (incl. Hong Kong) 13.4
3 France 6.3
4 South Korea 6.3
5 Spain 5.8
6 Poland 4.8
7 Brazil 4.7
8 Italy 4.3
9 Germany 3.0
10 Taiwan 2.0
11 Israel 1.8
12 Japan 1.7
Source: Sophos, 2006

Spam originating from within the U.S. accounts for 21.6 percent of spam, toping the list by country. Asia is first in relaying spam when the data’s broken down by continent; it sends 34.1 percent of the world’s spam. Spammers send 31.9 percent of spam from within Europe; 24.2 percent from North America; and 8.3 percent from South America.

The third quarter of 2006 saw an increase in the number of proof-of-concept programs and more Microsoft Office-focused attacks, according to Kaspersky Lab.

Online Scanner Top 20 for October 2006
Position Name Percentage
1 Email-Worm.Win32.NetSky.q 13.14
2 Email-Worm.Win32.Warezov.dn 11.00
3 Email-Worm.Win32.Bagle.gen 10.43
4 Email-Worm.Win32.Scano.gen 7.97
5 Email-Worm.Win32.Warezov.ev 6.32
6 Email-Worm.Win32.Bagle.mail 4.04
7 Email-Worm.Win32.Warezov.dc 3.65
8 Email-Worm.Win32.Mydoom.l 2.89
9 Email-Worm.Win32.Mydoom.m 2.74
10 Email-Worm.Win32.Scano.e 2.46
11 2.41
12 Email-Worm.Win32.NetSky.aa 2.08
13 Email-Worm.Win32.NetSky.b 2.04
14 Net-Worm.Win32.Mytob.c 2.01
15 Trojan-Spy.HTML.Bankfraud.od 1.84
16 1.83
17 Email-Worm.Win32.Warezov.gen 1.26
18 Email-Worm.Win32.Bagle.dx 1.24
19 Email-Worm.Win32.Warezov.dh 0.84
20 0.80
Other malicious programs 19.01
Variants from the Warezov family 27.31
Source: Kaspersky Lab, 2006

Related reading