
Marketers responsible for sending email promotions may find it more challenging to keep spam botnets at bay. Spam levels hit 90.4% of all email traffic scanned in June by MessageLabs Intelligence. That's the highest level since 2007, according to Paul Wood, MessageLabs analyst at Symantec.
It puts the highest strain on small and medium-sized businesses to filter out the garbage. Google, Microsoft and Yahoo shovel money and resources into filtering out spam from Webmail accounts, but Wood says that while 83.2% of spam comes from botnets, between 10% and 15% originates in Webmail accounts.
The Webmail accounts are set up automatically using CAPTCHA-breaking tools to bypass the visual puzzles found on the signup pages of Web sites. But the amount continues to increase in Webmail because it's more difficult for anti-spam software running on computer desktops to identify and differentiate the "bad stuff" from legitimate messages.
HTML-formatted emails that load an image from a remote site also contributed to the increase during the last two months. This means much of the spam now comes from genuine Webmail accounts, rather than accounts that have been spoofed to appear legitimate.
Resilient botnets have become a concern, Wood says. One of the most active botnets, Cutwail, managed to quickly bounce back after several hours of downtime on June 5, following the shutdown of California-based ISP Pricewert by the U.S. Federal Trade Commission earlier that week.
While MessageLabs detected a sudden drop in email spam levels related to the Cutwail botnet, the decrease was short-lived. Within hours, the botnet managed to recover to about one-third of its original capacity. Wood says the botnet literally "healed itself."
MessageLabs has also seen "social engineering" used to dress up messages and entice people to click and download malware through music videos. "We didn't see much activity straight away after the death of Michael Jackson because I think it caught the bad guys off guard," Wood says. The spam and malware attacks followed after a few days.
Cutwail and Donbot, a top 5 botnet in size and output, have been responsible for celebrity spamming, but once opened, the email contains the same old pharmaceutical message and image.
A blog post from security firm SophosLabs notes that Michael Jackson breaking-news videos are being used to distribute malware. The body of the message is in Portuguese, which SophosLabs roughly translated as telling the viewer to click on the video to see unpublished images of Michael Jackson's body. The image contains two links. One takes the person to a .com.au site that asks the person to download the file "Michael.Jackson.videos.scr". This file is detected by Sophos Antivirus as Troj/Dloadr-CPD. The other link takes the user to a YouTube video of Jackson's hit "Thriller."