Spammers regaining lost ground after botnet closures

28 Mar 2011
Spam News

Spammers are gradually regaining their position following the closure of major botnets in the second half of last year according to Kaspersky Lab’s February report on global spam activity.

The latest figures show that India remained the leading source of spam in February, accounting for 8.83 percent of all global spam traffic. Almost half as much spam came from Russia which was the second biggest source compared to the previous month after a drop of 4.26 percentage points. Brazil rose to third place (+0.41 percentage points) and Indonesia moved up one place to fourth (-0.39 percentage points). Newcomer to the top five South Korea climbed six places to claim fifth place following a rise of 1.4 percentage points.

According to the report the USA ended the month as the eighth biggest source of spam, but it should be noted that there is a gradual increase in the amount of spam traffic coming from the country. After the closure of the Pushdo/Сutwail botnet in August 2010, the volume of spam emanating from the USA fell considerably with record-low levels at the end of last year (approximately 1-1.5 percent from October to December). In February, that figure reached its highest level in four months – 4.27 percent – and it looks like it will continue to rise over the next few months.

“Spammers are gradually regaining their position following the closure of major botnets in the second half of last year, and we foresee a return to spam levels of 81-82 percent by April-May 2011,” said Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab.

In February malicious files were found in 3.18 percent of all emails, a rise of 0.43 percentage points compared with the previous month. Most of the malicious programs in February’s rating can be split into two groups. The first group consists of mail worms whose primary function is to harvest email addresses to continue propagating. The second group of malware contains programs designed to steal confidential information, primarily of a financial nature. February’s rating also included a malicious program capable of disabling victim computers and demanding payment to restore access to them.

The full version of the spam report for February 2011 is available at: http://www.securelist.com