Email-Borne Malware Jumps 400% After Rustock Takedown, Says Commtouch Quarterly Report

The first three months of 2011 were witness to a range of varied attempts to distribute malware, according to the quarterly Internet Threats Trend Report

April 13, 2011


Sunnyvale, Calif. – April 12, 2011 – Malware sent via email increased by 400% in the last week of March 2011, Commtouch® (Nasdaq: CTCH) reported today in its quarterly Internet Threats Trend Report, which covers spam, phishing, malware and Web threats. The significant increase was detected two weeks after the takedown of the Rustock botnet had resulted in a 30% drop in spam levels.

While overall spam activity dropped around the New Year, it rose significantly after the holiday period. From January to mid-March, spam averaged 168 billion emails per day until Rustock was eliminated, dropping spam to an average of nearly 119 billion messages daily. Zombie activity also dropped significantly after Rustock was taken down, but large increases of enslaved computers became evident following the malware outbreak at the end of the quarter.

“Botnets are an essential part of cybercriminal infrastructure, providing vast computing resources, bandwidth and anonymity,” said Asaf Greiner, Commtouch vice president of products. “Botnet takedowns will almost always result in significant attempts at rebuilding, to allow criminal operations to continue.”

The first three months of 2011 were witness to a range of varied attempts to distribute malware:

* Mass mailings of “parcel tracking information” purporting to come from UPS and DHL accounted for 30% of all emails sent during the peak of the outbreak
* Facebook chat messages from compromised user accounts led to phony Facebook applications and ultimately virus files
* PDF files with embedded script malware mimicked Xerox scanned documents
* The “Kama Sutra” virus tempted recipients with an explicit PowerPoint presentation
* T-Online’s personal homepage feature was abused to redirect visitors to fake antivirus downloads

Additional highlights from the April 2011 Trend Report include:

* Spam levels averaged 149 billion spam/phishing messages per day during Q1, compared to the 142 billion spam/phishing messages per day in Q4 2010 and 198 billion in Q3 2010.
* Approximately 258,000 zombies were activated daily during Q1, a decrease compared to the 288,000 zombies in Q4 2010 and 339,000 during Q3 2010.
* The most popular spam topic in Q1 was again pharmacy ads representing 28% of all spam, down from 42% in Q4 2010.
* India keeps its title for the third quarter in a row as the country with the most zombies – 17% of all zombies worldwide.
* Parked domains were the website category most likely to contain malware.
* Streaming media/downloads continues to be the most popular topic for blog creators in the Web 2.0 sphere of user-generated content, with 21% of the generated content.

The report also describes attempts by spammers and phishers to save money by hiding their online presence in disused forums or making use of online form-filling services to ease the collection of phished user data.

Commtouch’s quarterly trend report reflects the results of its analysis of billions of Internet transactions daily within the company’s cloud-based GlobalView™ Network.

Commtouch Recurrent Pattern Detection™, GlobalView technologies and multi-layered Command Antivirus® identify and block Internet security threats. More details, including samples and statistics, are available in the Commtouch April 2011 Internet Threats Trend Report, available at:

A brief SlideShare presentation summarizing the report is available at

NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering.

About Commtouch

Commtouch® (NASDAQ: CTCH) provides proven Internet security technology to more than 150 security companies and service providers for integration into their solutions. Commtouch’s GlobalView™ and patented Recurrent Pattern Detection™ (RPD™) technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch’s Command Antivirus utilizes a multi-layered approach to provide award winning malware detection and industry-leading performance. Commtouch technology automatically analyzes billions of Internet transactions in real-time in its global data centers to identify new threats as they are initiated, enabling our partners and customers to protect end-users from spam and malware, and enabling safe, compliant browsing. The company’s expertise in building efficient, massive-scale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary with offices in Sunnyvale, California and Palm Beach Gardens, Florida.
