Researchers: Less Than 10 Percent of Email Non-Malicious
If you ever wondered just how much spam and malware most companies have to deal with in managing their e-mail systems, well, it turns out it's even more than you might have thought.
According to a new study issued by researchers at AV specialist Panda, the share of spam and malware attacks arriving at companies' electronic doorsteps each day is a shocking 90 percent-plus.
Yes, that's right, according to Panda's survey of 430 million e-mail messages received by its customers during the last year, only 8.4 percent were legitimate.
Think about the sheer volume of unwanted e-mail that represents, and how much money companies are paying to process all that content on their servers and gateways.
Something tells me that the federal government might take a much closer interest in the issue if you work out the math on that one, and how it sucks money out of the U.S. economy.
Newly received spam does, however, still vastly outpace the arrival of e-mail-borne malware attacks, which accounted for only 1.11 percent of the messages analyzed by Panda. The most common format for spam remains sexual performance-oriented pharmaceuticals, the company said. Spam campaigns playing on the ongoing economic turmoil also grew significantly throughout 2008, with fake job offers and diplomas accounting for 2.75 percent of all spam, while mortgage deals and phony loans were responsible for 4.75 percent, the company said.
PandaLabs reported that botnets of infected computers remain a major element of the spam problem, with over 300,000 newly-activated zombie machines spewing unwanted e-mail during Q4 2008 alone.
The researchers said that the volume of spam being received by customers fluctuated throughout the calendar year, peaking in the second quarter at 94.27 percent of all mail reaching companies. Only January 2008 witnessed levels of spam below 80 percent, the firm contends.
In terms of e-mail-based malware, researchers said that the Netsky.P worm was the program most frequently detected among its users. The attack activates automatically: when users view the infected message through the Microsoft Office Outlook preview pane, it takes advantage of the Autorun feature that allows automatic execution of e-mail attachments.
In that sense Netsky.P is actually a multi-staged attack, according to the experts. "The fact that these two malicious codes often act in unison explains the high number of detections of both," Luis Corrons, Technical Director of PandaLabs, said in a report summary. "Cyber crooks often launch several strains of malware with each exploit to increase the chances of infection, so even if users whose systems are up-to-date are immune to the exploit, they could still fall victim to infection by the worm if they run the attachment."
The Rukap.G backdoor Trojan, designed to allow attackers to take control of a computer, and the Dadobra.BL Trojan were also among the most prevalent malicious code, the firm contends.
Panda's Top 10 malware in email rankings for all of 2008 were:
-Netsky.P.worm
-Bck/Rukap.G
-Exploit/iFrame
-Trj/Dadobra.BL
"For companies, spam is more than just a nuisance. It consumes bandwidth, wastes employees' time and can even cause system malfunctions. In the end, it all results in a loss of productivity," Corrons said.
At over 90 percent of all e-mail I'd say that's actually a bit of an understatement. Wild.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.