Three Botnets Yield 75% Spam in H1 2008, Says Marshal

The Threat Research and Content Engineering (TRACE) report by Marshal for H1 2008 revealed that three botnets were accounted for 75% of spam in the review period (January-June 2008). All the three botnets produced billions of messages every hour through zombie computers to attack Websites.

The analysis further revealed that cyber criminals are employing blended attacks to send malware and links to hacked Websites through e-mails on a massive scale. Besides, un-patched browsers are making more than 45% users vulnerable to attacks by exposing their personal details when they visit the legitimate site loaded with malicious code, said Marshal.

Marshal said that TRACE team found double rise in volume spam in the first six months of 2008. Srizbi botnet, the most productive offender during review period, sent more than 7.80 Billion spam messages every hour. Also, Srizbi is the world's largest botnet controlling over 315,000 compromised machines and sending more than 50% of the total spam mails, followed by Mega-D and Rustock each accounting for 14% of the spam mails.

Marshal further said that 90% of spams originated from mere seven botnets, pointing to millions of computer infected with Trojan worldwide. It also revealed that image spam is still used by spammers but 1% decline was noticed in it, which has been luring net surfers since long.

However, as per Marshall, spammers have replaced earlier phishing tactics with new social engineering tactics in which sensational news headlines are used to spread spam. Users receiving spam mails end up downloading malware due to their curiosity of watching videos given in the spam.

Besides, TRACE team noticed a major surge in spam mails pushing pharmaceuticals or fake products to infect computers with Trojan malware. It also stated that 1.5 Million Websites were infected by botnet attack in May 2008.

According to Bradley Anstis, Vice President, Products, Marshal, corporate should use combination of e-mail security gateways and Web gateway products to protect against malicious attacks. E-mail security gateways block malicious content through anti-spam defense using various techniques and Web gateway products help in scanning the content, which users download and upload in real-time because they do not rely on URL filtering, as reported by iStockAnalyst on August 12, 2008.

Related article: Three New Threats With Highest Percentages in Top Ten

» SPAMfighter News - 8/26/2008