The Deadly Duo: Spam and Viruses, September 2006
Hormel attempted to register 'spam' as a trademark; a malware distributor embeds Google Analytics in a virus to track his network.
Hormel attempted to register 'spam' as a trademark; a malware distributor embeds Google Analytics in a virus to track his network.
Hormel applied for a Europe-wide trademark for rights to the word ‘spam.’ The luncheon mean company wants to block the word’s use in reference to unwanted e-mail. The trademark application was denied by the Office of Harmonization of the International Market.
A botnet operator embedded code into a variant of the Opanki virus to use Google Analytics on his network of zombie coputers. McAfee Avert Labs spotted the flaw that let the exploit assess the status of the network including the geographic locations of the computers.
Despite some clever tactics, the level of spam remained about the same in Q3 as the previous quarter according to MessageLabs. Levels of unwanted messages were about 64.4 percent in September, a 0.1 percent decrease from August. Malware and viruses were found in one in every 89.6 e-mails last month, up slightly from August. Phishing attempts were identified in one in every 170 messages, a 0.27 percent increase over August.
In addition to a slight decrease in the amount of spam, messages are becoming more targeted. Spammers now deploy social engineering tactics to target individuals in the technology sector, which is being termed “geek spam.” Message draw recipients with subjects like “Bug #33006: Your review is necessary,” or buzzwords like “.NET,” “cpan,” “xss,” and “Java.”
Conversely, an increase in spam attacks in the third quarter was spotted by Commtouch. The bulk of the uptick came from image spam and zombie-generated spam. Image spam accounted for half of all spam in Q3, versus 30 percent the previous quarter. As many as 3.5 million attack patters were spotted in a single day, with each pattern comprised of up to tens of thousands of e-mails.
Image spam offenses were heightened by animated GIF spam. Most messages contain three to seven individual frames playing in repetition to look like a movie. The main message plays for about 25 seconds after the other images quickly flash subliminal messages like “buy…buy…buy…” or random pixels meant to deceive anti-spam technologies. This category of spam can reach 44KB in size versus a typical text message of 5.5KB. All image-based spam accounts for 20 percent of all spam, though it consumes more bandwidth due to its increased file size.
Malware overtook worm rankings on Kaspersky Labs‘ Online Scanner Top 20 for September. Trojan-Downloader and Trojan-Dropper lead the pack. The Rays and Broontok worms, meanwhile, which had moved down the list in August, climbed back up to the top five in September.
Online Scanner Top Twenty for September, 2006 | ||
---|---|---|
Position | Name | Percentage |
1 | Trojan-Downloader.Win32.Delf.awg | 3.07 |
2 | Backdoor.IRC.Zapchast | 1.86 |
3 | Trojan-Dropper.Win32.Pakes | 1.70 |
4 | Email-Worm.Win32.Rays | 0.89 |
5 | Email-Worm.Win32.Brontok.q | 0.72 |
6 | Virus.Win32.Parite.b | 0.65 |
7 | Email-Worm.Win32.Warezov.aj | 0.51 |
8 | Email-Worm.Win32.Scano.aq | 0.40 |
9 | not-a-virus:RiskTool.Win32.HideWindows | 0.39 |
10 | Email-Worm.Win32.Bagle.fj | 0.38 |
11 | Trojan-Clicker.Win32.Small.kj | 0.37 |
12 | Trojan-Downloader.Win32.Small.ddp | 0.36 |
13 | Virus.Win32.Hidrag.a | 0.36 |
14 | Trojan-Downloader.Win32.INService.gen | 0.35 |
15 | Trojan-Downloader.Win32.Delf.avj | 0.34 |
16 | Email-Worm.Win32.Warezov.at | 0.34 |
17 | not-a-virus:Monitor.Win32.Perflogger.163 | 0.34 |
18 | Backdoor.Win32.Rbot.gen | 0.33 |
19 | not-a-virus:PSWTool.Win32.RAS.a | 0.31 |
20 | Backdoor.Win32.mIRC-based | 0.30 |
Other malicious programs | 86.03 | |
Source: Kaspersky Lab, 2006 |