The quantity of spam messages with malicious attachments more than doubled in the third quarter of 2010, according to Kaspersky Lab's quarterly spam report. The amount of spam containing malware averaged 4.6 per cent over the quarter, compared to 1.9 per cent in the previous quarter. The percentage of malicious attachments in email traffic reached an all-time high of 6.3 per cent at the start of the third quarter.
Kaspersky Lab analysts suggest this may be down to spammers simply switching their focus from individual clients to working with partner programs, including those linked to the spread of malware. The majority of spam was fake notifications from services such as Twitter, Facebook, Windows Live, MySpace, and a number of popular online stores. The links contained in these notifications redirected users to a spammer service that downloaded the Bredolab backdoor virus to users' computers; the backdoor was then used to download various other Trojans.
"The increase in the volume and quality of mass malicious mailings confirms that spammers and cybercriminals have started acting in unison to create complex infection strategies, which include connecting a victim computer to a botnet, sending out spam, stealing personal information and so on," says Darya Gudkova, Head of Content Analysis & Research at Kaspersky Lab.
Overall, the amount of spam in the third quarter fell compared to the previous quarter and averaged 82.3 per cent. Users saw considerably less spam in their inboxes in September, with a drop of 1.5 per cent compared to August. This was due to the closure of over 20 control centres used by the Pushdo / Cutwail botnet, which was responsible for approximately 10 per cent of all spam worldwide. The threat posed by this botnet was not just the sheer volume of spam that it distributed, but also its connection to the spread of malicious programs such as Zbot (ZeuS) and TDSS.
Another closure in the third quarter was initiated by the spammers themselves when the partner program SpamIt announced it was shutting down its operations. This particular partner program was responsible for an enormous amount of pharmaceutical spam. The program's websites (Spamit.biz and Spamit.com) posted the reasons for the closure as "a long list of negative events over the past year and intensified attention being paid to the partner program's operations".
"The closure of one partner program — even a major one — will only result in a temporary decrease in the amount of advertisements for pharmaceuticals in our inboxes; the spammers aren't about to abandon such a lucrative business," states Darya Gudkova. "More likely than not, the organisers of the partner program will simply open a new program that will, for a while, remain under the radar of the anti-spam vendors and law enforcement agencies."
View the full version of 'Spam in the Third Quarter of 2010' at http://www.securelist.com/en/analysis.