Google: Virus-Packing Spam Rose Despite Botnet Takedowns
Postini email security team logged massive surge in viruses in Q4 2009
April 16, 2010
Botnet operators responded to takedown and other pressures last year by packing high-volume payloads of viruses in their spam runs, according to new data from Google's Postini team.
Spam volume dropped 12 percent in the first quarter of this year from Q4 2009, accounting for 86 percent of all email in Q1. But the size of spam messages increased by 30 percent in March, according to the Postini team.
Virus-laden spam rose dramatically late last year, ballooning from 0.3 percent of all spam in the first half of 2009 to 3.7 percent in the second half of the year; Postini reports blocking more than 100 million of these messages per day at the height of this trend. These malicious messages were back down to about 1.1 percent of all spam in Q1, according to Adam Swidler, product marketing manager for Google's Postini team, which gathers its data from 80,000 business customers.
Much of that activity was in response to the takedown of the Mega-D botnet last year. So far this year the Waledac and Mariposa botnets also have been dismantled by the security community.
"In response to actions the security community was taking [in 2009], the [attackers] started seeding botnets with a high volume of payload viruses in the second half [of the year]," Swidler says. "We've seen that activity drop off as they've shifted back to traditional spamming type activities."
But Swidler says even with the subsequent botnet takedowns since Mega-D, spam volumes have not really decreased significantly this year so far. "Spam is still over 6 percent more compared with a year ago," he says.
Starting with the McColo service takedown in 2008, each time a criminal infrastructure has been dismantled, the bad guys get quicker at rebounding back, he says. "We're expecting to see these targeted attacks on botnets in 2010 and we're waiting to see if any have as much of an impact as we would hope," he says.
Meanwhile, Google Postini has seen an increase in image spam. "From a spam size perspective, we've seen a measurable jump," Swidler says. "Its [resurgence] indicates that easily reusable components make it a low barrier to entry to get in...and not spend time creating new materials for spam campaigns."