Symantec Releases January 2009 MessageLabs Intelligence Report

New botnets boost spam growth to 80% to 90% of pre-McColo spam levels

January 27, 2009

5 Min Read


CUPERTINO, Calif. - January 26, 2009- Symantec Corp. (Nasdaq: SYMC) today announced the launch of its January 2009 MessageLabs Intelligence Report. Analysis highlights an increase in spam levels of 4.9 percent since December 2008 to 74.6 percent, reaching levels close to those experienced before Internet Service Provider McColo was taken down in November 2008. Among the top ten botnets responsible for distributing spam, Mega-D (Ozdoc) had the highest throughput in January, sending more than 26 million spam emails per minute whilst Cutwail (Pandex) remains the largest botnet with more than one million active IPs this month. Some of the top ten most active botnets contributing to the spam increase are new to the threat landscape, including Xarvester, Donbot and Waledac.

"The potential of these botnets to spam in large volumes is a major concern," said Paul Wood, MessageLabs Intelligence Analyst, Symantec. "In particular, Waledac is believed to be the next generation of the infamous botnet Storm (Peacomm). Whilst Waledac malware was spread at an alarming rate in January, it was dispersing spam in relatively small volumes. For now, the botnet controllers are clearly focusing on growing and developing this new botnet resource rather than using it to spam. It will be one to watch as 2009 progresses."

With the increase in spam came a resurgence of stock spam. Since the indictment of notorious stock spammer Alan Ralsky in January 2008, stock spamming has been relatively scarce. But with the help of CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart)-breaking tools aimed at major email providers and the shaky economic climate, MessageLabs Intelligence research identified many examples of spam messages sent from legitimate-looking email addresses touting penny stocks, an opportunity to hook consumers who may be finding it difficult to obtain credit by traditional means with the promise of big returns for little investment.

Other new topics used by spammers this month included the US Presidential Inauguration and, separately, the unrest in the Middle East was used to draw attention to messages which appeared to be used to further the aims of terrorist organizations.

"Just one month into 2009 and the threat landscape already appears to be in full swing," Wood said. "Toward the end of 2008, the MessageLabs Intelligence team predicted a botnet renaissance in which the cybercriminals would improve the technology behind their botnets, creating a new vanguard. Based on the increase in power, numbers and new bots, the cybercriminals seem to be living up to the prediction."

Other report highlights:

Web security: Analysis of Web security activity shows that 11.5 percent of all web-based malware intercepted was new in January. MessageLabs Intelligence also identified an average of 1,208 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 6.2 percent since December 2008.

Spam: In January 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 74.6 percent (1 in 1.92 emails), an increase of 4.9 percent since December 2008.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 257.3 emails (.39 percent), a decrease of 0.12 percent since December 2008. In January, 11.8 percent of email-borne malware contained links to malicious sites, an increase of 9.1 percent since December 2008.

Phishing: January saw a decrease of 0.14 percent in the proportion of phishing attacks compared with December 2008. One in 396.2 (.25 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 11.2 percent to 64.9 percent of all email-borne malware threats intercepted in January.

Geographical Trends: * Although, spam levels in France fell by 0.3 percent in January, France topped the list as the most spammed country with levels reaching 83.8 percent of all email. * Spam levels in the UK reached 77.2 percent in January and 75.1 percent in Canada. Germany's spam rate reached 77.9 percent and spam rose to 78.2 percent in the Netherlands. Spam levels in Australia were 73.5 percent, 73.0 percent in China and 70.7 percent in Japan. * Virus activity in the UK fell by 0.26 percent to 1 in 165.6 emails, where it takes the top position for viruses. * Virus levels for the US were 1 in 455.7, 1 in 324.4 for Canada and 1 in 337.9 for Australia. Virus levels for Germany were 1 in 189.6 and in Japan they reached 1 in 500.6.

Vertical Trends: * With an increase of 0.5 percent, the Marketing & Media sector was the most spammed industry in January, with a spam rate of 77.8 percent. * Chemical and Pharmaceutical sector spam levels reached 75.8 percent, 77.7 percent for Retail, 75.1 percent for Public Sector and 74.2 percent for Finance. * Although virus activity decreased by 0.57 percent in the Education sector, it held the highest virus levels with 1 in 98.8 emails being infected. * Virus levels for the IT Services sector were 1 in 276.3, 1 in 306.7 for Retail and 1 in 245.5 for Finance.

The January 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at

Symantec's MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights