Rustock Botnet Eclipses Cutwail As the Biggest Botnet

When you run a business, market position needs to be foremost in your mind – you can’t let the competition get one step ahead.

Spam is a business, just like any other business, and the strategies and tactics that apply to legitimate business apply equally to an illegal business like Spam.

Technical sophistication, in terms of both creativity and delivery techniques, continues to improve in the Spam marketplace, motivated, of course, by the cyber criminals’ need to generate increasing opportunity for financial gain and identity theft.

MessageLabs April 2010 Intelligence Report indicates there has been some jockeying for position in the Spam Botnet marketplace, where the Rustock Botnet has now surpassed Cutwail as the biggest botnet, both in terms of the amount of spam it sends and the number of active bots under its control. Rustock is now responsible for 32.8 percent of all spam.

So, what does this mean to you and me in terms of risk? As an indication of the substantial risk we continue to face from Spam, MessageLabs Intelligence reports in its April 2010 release that it intercepted 36,208 unique strains of Spam-delivered malware during the month, which translates into 1 in every 287 emails packed with a virus.

Being aware of the shape of the Internet landscape, and the changes that are occurring, or may occur, in that landscape is, now more than ever, a necessity – a prerequisite to protecting yourself and your computer from cybercriminal attack. “Forewarned is forearmed” needs to be your guiding light – appropriate knowledge will act as your shield.

Symantec’s latest MessageLabs Intelligence Report is scary stuff, and I encourage you to read this report which will give you some indication of where we’re likely headed, and what we’ll have to deal with.

MessageLabs Intelligence report highlights:

Spam: In April 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 89.9 percent (1 in 1.11 emails), a decrease of 0.8 percentage points since March.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 340.7 emails (0.294 percent) in April, an increase of 0.01 percentage points since March. In April 28.9 percent of email-borne malware contained links to malicious websites, an increase of 12.1 percentage points since March.

Phishing: In April, phishing activity was 1 in 455.2 emails (0.219 percent), an increase of 0.03 percentage points since March. When judged as a proportion of all email-borne threats such as viruses and Trojans, the proportion of phishing emails had increased by 5.7 percentage points to 70.3 percent of all email-borne threats.

Web security: Analysis of web security activity shows that 10.9 percent of all web-based malware intercepted was new in April, a decrease of 4.0 percentage points since March. MessageLabs Intelligence also identified an average of 1,675 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 12.7 percent since March.

Geographical Trends:

· Spam levels in Italy rose to 95.5 percent in April, positioning it as the most spammed country.

· In the US, 90.2 percent of email was spam and 88.9 percent in Canada. Spam levels in the UK rose to 89.4 percent.

· In the Netherlands, spam accounted for 91.5 percent of email traffic, while spam levels reached 89.4 percent in Australia and 92.3 percent in Germany.

· Spam levels in Hong Kong reached 91.0 percent and spam levels in Japan were at 86.9 percent.

· Virus activity in Taiwan was 1 in 76.3 emails, keeping it as the most targeted country for email-borne malware in April.

· Virus levels for the US were 1 in 646.3 and 1 in 416.2 for Canada. In Germany, virus levels were 1 in 471.0, 1 in 1,120.0 for the Netherlands, 1 in 416.5 for Australia, 1 in 501.0 for Hong Kong, 1 in 1,161.0 for Japan and 1 in 613.0 for Singapore.

· UK remained the most active country for phishing attacks in April with 1 in 199.7 emails.

Vertical Trends:

· In April, the most spammed industry sector with a spam rate of 94.9 percent remained the Engineering sector.

· Spam levels for the Education sector were 91.1 percent, 90.2 percent for the Chemical & Pharmaceutical sector, 90.7 percent for IT Services, 90.9 percent for Retail, 88.4 percent for Public Sector and 88.4 percent for Finance.

· In April, the Public Sector remained the most targeted industry for malware with 1 in 99.1 emails being blocked as malicious.

· Virus levels for the Chemical & Pharmaceutical sector were 1 in 438.2, 1 in 487.5 for the IT Services sector, 1 in 600.2 for Retail, 1 in 109.6 for Education and 1 in 365.9 for Finance.

The full April 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available here.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.


5 responses to “Rustock Botnet Eclipses Cutwail As the Biggest Botnet”

  1. Pingback: Tweets that mention Rustock Botnet Eclipses Cutwail As the Biggest Botnet « Bill Mullins' Weblog – Tech Thoughts --

  2. This is turning into the new “American Idol” which botnet will you be hosed by tonight.
    Time for XP to go away. I know a lot of people love it for its speed and simplicity; I’m a big fan of Win2K for the same reason, but it’s time to let it go, especially in the enterprise.

    • Bill Mullins

      Hi Mark,

      “This is turning into the new “American Idol” which botnet will you be hosed by tonight” – I got a good laugh out of that! Like most humor of course, it’s dead on the money.

      Have to agree with your assessment of XP, it pains me, but…

      Along the same lines – I just can’t come to grips with Enterprises’ insistence on holding on to IE 6. There ought to be a law against it. I’m maybe being a little facetious, but not by much. I know this – I *will not* deal with a company which continues to use IE 6.



  3. Adrian

    Am I correct that Symantec are the company who produce Norton IS?