And the Conficker worm -- which grabbed mainstream media attention last month -- is not a major factor in either the bot infection counts or overall infections: Conficker infections accounted for only about one percent of all virus detections in the first quarter of this year, according to David Marcus, director of security research for McAfee.
McAfee Avert Labs found 12 million new IP addresses performing bot operations in the first quarter, according to the report, but spam activity still has not caught up to its level prior to the McColo takedown last November. "The activity level of new zombies indicates that the spammers are working hard to regain the infrastructure lost and that volumes will return to previous levels sometime soon," the report says.
The U.S. has 18 percent of all bot-infected machines, up from 15.4 percent in the fourth quarter of 2008, surpassing China, which now has 13.4 percent, down from 15.8 percent in Q4 '08. A new hotspot for zombies is Australia, which now has 6 percent of all bots, up from 4 percent in the fourth quarter, and below 2 percent in the third quarter of 2008.
"The massive expansion of these botnets provides cybercriminals with the infrastructure they need to flood the Web with malware," says Jeff Green, senior vice president of McAfee Avert Labs. "Essentially, this is cybercrime-enablement."
Spam email has decreased to its lowest level since 2006, dropping below 90 percent of all email at its peak quarter last year. But it was still at a total of 90 percent for the year, according to the report.
Last month was a relatively dry spam spell, with 100 billion spam messages received per day versus last year's average of 153 billion. "Although email accounts and their activity vary greatly, we estimate that individuals are receiving between six and 12 fewer emails per day compared with last year," McAfee said in its report. Not to worry, however: McAfee expects spam levels to recover to their 2008 levels.
Among other highlights from the report: The Koobface virus is making a comeback, with more than 800 new variants discovered in March, and the bad guys exploited more legitimate content servers as a way to infect their victims. They've also upped the number of URL redirects to mask their whereabouts.