WikiLeaks and Mega-D Botnet Case Shape December's Spam Landscape

27 Jan 2011
Spam News

Kaspersky Lab presents its spam report for December, a month in which the spammers exploited the huge global interest in WikiLeaks as well as the more mundane theme of Christmas and New Year holidays.

Kaspersky Lab’s spam analysts registered several mass mailings calling on users to spread WikiLeaks links in the name of democracy. Spammers also mentioned the WikiLeaks name in background noise texts used to bypass spam filters. They were mostly quotes from material published on the site, or news about the portal itself. Interestingly, the word WikiLeaks was often inserted in links in another bid to evade the filters.

In December, India remained the single-most popular source for spam, accounting for 9.9% of the total volume. Russia was in second place (8.5%) having overtaken Italy (4.8%) and Vietnam (4.7%). Brazil completed the top five, accounting for 4.4% of world spam. There was a significant drop (1,6%) in the amount of spam emanating from Western Europe, with 4.3% coming from the UK, 2.2% from France and 1.8% from Germany. Malicious files were found in 1.75% of all emails, an increase of 0.15 percentage points compared with the previous month. As was the case in November, most malware was detected in mail traffic received by users in India, Russia and Vietnam.

The legal war on botnets once again came to the fore in December with criminal proceedings being instigated in the USA in the case of Russian citizen Oleg Nikolaenko who is suspected of creating and running the Mega-D zombie network, also known as Ozdok. The botnet’s infected machines were used to distribute partner spam containing adverts for medications and fake designer goods. It is claimed that at its peak the network’s zombies could distribute up to 30-35% of world spam.

“Spam is usually dominated by the Christmas and New Year holiday theme in December, but in 2010 it had to share the limelight with WikiLeaks, which once again underlines just how serious the scandal surrounding the website was at the end of the year,” commented Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab. “Immediately before the start of the holidays we witnessed a dip in the amount of spam. This is a seasonal phenomenon – at the end of the year the amount of spam mailings always falls off because a lot of the infected botnet computers are switched off. As for the case of Mr. Nikolaenko, it demonstrates yet again the need to introduce tougher anti-spam laws in Russia. As it stands, one of the major players in the spam business faced no charges in his own country because of shortcomings in the spam legislation.”

The full version of the spam report for December 2010 is available at www.securelist.com/en.