Botnets Multiplying as Spammers Prepare for Holiday Sales

 
 
By Fahmida Y. Rashid  |  Posted 2010-10-20 Email Print this article Print
 
 
 
 
 
 
 

Security researchers analyzing spam and virus activity in third quarter 2010 saw an uptick in virus activity, hinting at new botnets on the rise.

Spammers are bombarding users with malware-laden spam in order to build up new botnets, just in time for the holiday season, security researchers said Oct. 19.

The Google Postini Services team analyzed spam and virus data collected during the third quarter by Google's security and archiving services, powered by Postini. The results, posted on the Google Enterprise Blog, found an abnormally high volume of virus activity in August while overall spam dropped July to September after several botnets were shut down.

There was a 241 percent increase in virus volumes in August over July and nearly double the volume from August 2009, wrote Adrian Soghoian and Adam Hollman. In comparison, spam volume was relatively constant during the quarter, with dips in August and September, according to the post. Virus activity was also high-188 million viruses were blocked in a single day, a record-noted the researchers.

August also had the greatest recorded surge in viral activity since 2008, far surpassing October 2009 when Mega-D infected more than 250,000 computers worldwide before being shut down, Soghoian and Hollman wrote.

The recent increase in viral activity could be a sign that spammers are building new botnets by taking over more computers, just in time for the holiday sales and increased online shopping, speculated the researchers. Consumers will be looking for deals and discounts and shopping more online, and may be particularly vulnerable to shopping-related scams.

Security researchers have often seen a correlation between spam, malware campaigns and seasonal consumer spending patterns, according to the post.

The researchers said the scammers continue to use familiar tactics, including spoofing major brands, celebrity gossip and fake financial transactions in their virus-laden messages. There was a new tactic, where previously sent e-mails were taken from the hard drives of infected computers and resent, fooling many recipients because the wording and content is familiar.

Other malware trends in September included an increased number of .zip and .html attachments containing malicious JavaScript code, and shortened URLs linking back to malicious Websites. Spammers take advantage of users getting used to seeing URLs that mask the final Website address on their social networks and trick them into clicking harmful links.

There was also an upswing in the number of Non-Delivery Report/Receipt messages with malicious JavaScript embedded, the post said. As a "hybrid" between virus and spam messages, these attacks directed users to a malware site or stealthily downloaded software in the background.

"As always, be on the lookout for suspicious email language and exercise extreme caution when clicking on links," cautioned the post.


 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel