Malware, Spam Dip in November

By Matthew Hines  |  Posted 2008-12-04 Print this article Print

UTM specialist Fortinet is reporting that online threats and spam dropped noticeably during the month of November, continuing their downward trend since such activity peaked for the calendar year during September.

According to the vendor's Nov. Threatscape Report, the slowdown in attacks and unsolicited e-mail will likely reverse its course during the month of December, as researchers pointed to the shutdown of shady ISP McColo as a major factor in the trend - an event that the company said will not likely have a long-term effect on threat activity once attackers find replacement hosts for their malicious sites and spambots.

The experts said that attackers were also likely busy in November planning and building attacks to launch during the holiday buying season, when larger numbers of users tend to go online to shop from e-commerce sites - therein creating larger numbers of unsuspecting targets for their work.

"We expect both of these activities to quickly escalate as spam botnets find new avenues to proliferate themselves in the wake of McColo," Derek Manky, project manager, cyber security and threat research at Fortinet, said in a statement. "And with the online shopping season now kicking off, key-logging activity is expected to follow in hot pursuit. We are already seeing a steady uptick in threat activity since closing the November report."

In specific relation to keyloggers, Fortinet reported that three of the top five malware variants seen during November were members of the Goldun family of threats, which are designed to record keystrokes, most often for purposes of stealing banking and credit card information.

The increased key-logging activities also "suggest a readying for online-buying over the holiday season," the company said.

Among several other specific findings issued in the report:

-The McColo shutdown led to a 37 percent drop in overall spam levels worldwide.

-Some 25 of the 81 active attacks tracked by the company were considered "high-risk" with the top two -- the Trojan.Storm.Worm.Krackin.Detection and Worm.Slammer threats accounting for 60 percent of the month's total attacks.

-Purely web-based malware activity declined slightly in October and November, due largely to the decrease in scareware, which still remained No. 1 on the top ten malware variant list with Goldun's key-logging activity claiming the 2nd, 3rd and 4th positions

-Japan (39.68 percent) and the U.S. (39.58 percent) were the leading targets for malware, with China (30.37 percent), Taiwan (22.16 percent) and India (17.59 percent) making up the rest of the top five.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel