Spam nears pre-McColo-shutdown levels
Published: 2009-01-27

Junk e-mail accounts for nearly three-quarters of all messages sent on the Internet, nearing the level that existed prior to the shutdown of Internet service provider McColo, e-mail security firm MessageLabs said on Monday.

In its monthly MessageLabs Intelligence Report, the company found that spam rose nearly 5 percent from December levels. In total, the active spambots accounted for nearly 75 percent of all e-mail sent on a daily basis. While that is less than 90 percent of the level prior to the takedown of the Internet service provider McColo, it will continue to rise, said Matt Sergeant, senior anti-spam technologist at MessageLabs.

"The McColo takedown was very effective, but it was only one rogue ISP," Sergeant said. "We need to be much more diligent in taking down the other rogue ISPs that the botnets are using for their command-control servers."

Botnets are becoming increasingly advanced. Four of the botnets in MessageLabs' Top-10 list send spam at a rate greater than 100 messages per IP address per minute. In another advancement, security firm SecureWorks highlighted last week that Mega-D/Ozdok also takes screenshots of the infected system's desktop, possibly as a way to figure out which computers belong to malware analysts.

Topping MessageLabs' list of spam-sending botnets is the spambot Mega-D, also known as Ozdok, which sent more than 38 billion e-mail messages per day to MessageLabs clients, or nearly 410 messages per IP address per minute. Mega-D accounted for 38 percent of the spam intercepted by the company, which is owned by Symantec. Another spambot, Cutwail, appeared to be the most prolific, with an estimated size of more than a million compromised hosts, but that botnet only accounted for 8 percent of average daily spam, according to MessageLabs' report.

Security firms disagree to some extent on the volume of spam produced by different spamming botnets. In a report (pdf) released on Tuesday, security firm Marshal8e6 also put Mega-D at the top of its list, accounting for 35 percent of all junk e-mail blocked by the company, but put Xarvester, a variant of the Storm worm, at 25 percent. Xarvester came in a distant fourth place, accounting for 4.4 percent of spam, on MessageLabs' list.

MessageLabs and SecurityFocus are both owned by Symantec.

Posted by: Robert Lemos
