The latest spam outbreak is hitting levels not seen since Rustock was dismantled in March, according to security firm Commtouch.
Global spam volumes have
been declining since March, but Commtouch researchers reported a massive spam
outbreak that flooded user in-boxes this week.
The latest spam outbreak is
the largest operation seen by researchers since the end of March, Avi Turiel,
director of product marketing at Commtouch, wrote on the Commtouch
blog Aug. 15. The "extraordinary increase" in email messages
with malware attachments began Aug. 8 and peaked Aug. 12, according to
Even though the numbers are
falling again, the average number of malicious emails being sent at this time
is still 5.5 times greater than the average number of messages sent from the
end of July to the beginning of the outbreak, Turiel said.
"The UPS name is once
again being used to spread vast amounts of email-attached malware," Turiel
said. The emails appear to be delivery-confirmation messages, claiming a
package was not sent for whatever reason.
Spammers used the same scam
during the March outbreak before it switched the spoofed address to look like
they were coming from DHL, a different package carrier service.
are also seeing spam messages warning that the recipient's
credit card has been blocked. Purporting to be from "customer
services" at a credit card issuer or company, such as Visa and Mastercard,
the emails claim someone tried to withdraw a large amount on the card. The
messages helpfully state that it could be a "possibly illegal"
operation, and that the user should contact the bank. The malicious payload is
attached to the messages, and the user is told to find "more details"
about the supposed transaction in the file.
The outbreak may just be an
aberration, as there are signs it has already slowed down. While there are
frequent spikes in spam traffic, the magnitude of this operation was larger
than anything seen since March, Turiel said.
A number of security vendors
have been consistently reporting declines in global volume. The latest numbers
from SpamCop shows overall volume stayed more or less unchanged between March
and May. After a bit of a jump in June, volumes
have dropped again
, bringing July levels to even lower than what was seen
in March, or last December, when Rustock temporarily went offline.
"The amount of spam has
plummeted from 23,000 in mid 2010 to 5,000 now [August 2011], a drop of over 75
percent," Terry Zink, a program manager for Microsoft
Forefront Online Security
, wrote on his Cyber-Security blog.
"The contrast couldn't be starker - spammers are not spamming as much
anymore," Zink said.
Ever since the Justice
Department, with the assistance of Microsoft, FireEye, and other security
vendors and academics, seized several command-and-control servers controlling
botnet in March
, global spam volumes have been dropping markedly. Even
though the operation affected only servers located in the United States ,
Microsoft recently said the rate of systems in India and Russia being infected
and becoming Rustock zombies has plunged significantly. The number of known
Rustock systems also dropped
56 percent from more than 1.6 million at the
end of March to just over 700,000 in June.
The Rustock botnet is
"less than half the size it was" in March, Richard Boscovich, a
senior attorney with Microsoft's Digital Crime Unit, wrote July 5 on the
Official Microsoft blog.
At its height, Rustock may
have been responsible for more than half the world's spam, but it was in
decline by March. The botnet accounted for a mere 47.5 percent of worldwide
spam by the end of 2010. At the recent Black Hat security conference, FireEye
researchers Julia Wolf and Alex Lanstein discussed how the gang behind Rustock
used a number of spoofing techniques to trick administrators into thinking the
spam was legitimate.