Tag Archives: Rustock

March 2011 MessageLabs Intelligence Report – Rustock Goes Down, Bagle Botnet Picks Up The Slack

There’s been much more discussion recently as to whether infected computers should be allowed unrestricted access to the Internet. Despite the fact we’ve been around the horn on this question for years, there’s still little consensus on this thorny issue.

Since infected computers, linked together in botnets, form the backbone of spam distribution networks – according to the March 2011 MessageLabs Intelligence Report, botnets sent an average of 88.2% of global spam during 2010 – this question needs to be taken off the back burner and dealt with much more aggressively.

Frankly, I’m tired of making excuses for people who are too damn lazy, too damn stupid, too damn inconsiderate, ………. to take the time to learn the basics of computer security. And, as a consequence cause me, and you incidentally, to have to deal with volumes of spam that are beyond the pale.


According to the March 2011 MessageLabs Intelligence Report (released yesterday), the recently taken-down Rustock botnet “had been sending as many as 13.82 billion spam emails daily, accounting for an average of 28.5% of global spam sent from all botnets in March.”

A little math suggests that, during March, enough spam was emailed that, conceivably, every person on the planet received 7 spam emails EVERY DAY! Since every person on the planet is not connected, the abuse takes on another magnitude. I can’t think of another finite resource – and the Internet is a finite resource – that could be continuously abused in this way, without some kind of strong kickback.

Are we making any headway against botnets and the cyber criminals behind them? Not according to the MessageLabs Intelligence Report we’re not. Sure, Rustock has bitten the dust (at least for the moment), but the Bagle botnet has stepped into the breach, bumped up its output, and is now sending 8.31 billion spam emails each day, mostly tied to pharmaceutical products.

Report highlights:

Spam: In March 2011, the global ratio of spam in email traffic from new and previously unknown bad sources decreased by 2 percent (1 in 1.26 emails).

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 208.9 emails (0.479 percent) in March, an increase of .134 percentage points since February. In March, 63.4 percent of email-borne malware contained links to malicious websites, a decrease of .1 percentage points since February.

Endpoint Threats: The endpoint is often the last line of defense and analysis. The threats found here can shed light on the wider nature of threats confronting businesses, especially from blended attacks. Attacks reaching the endpoint are likely to have already circumvented other layers of protection that may already be deployed, such as gateway filtering.

Phishing: In March, phishing activity was 1 in 252.5 emails (0.396 percent), a decrease of 0.065 percentage points since February.

Web security: Analysis of web security activity shows that an average of 2,973 websites each day were harbouring malware and other potentially unwanted programs including spyware and adware, a decrease of 27.5% since February. 37 percent of malicious domains blocked were new in March, a decrease of 1.9 percentage points since February. Additionally, 24.5 percent of all web-based malware blocked was new in March, a decrease of 4.2 percentage points since last month.

Reading this type of report (or at least the highlights) is certainly educational, and can be a major step in expanding that sense of threat awareness that active Internet users require.

The full MLI Report is available here in PDF.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


News From Symantec Hosted Services


We know, only too well, that cyber criminals take advantage of every opportunity that new and emerging technologies provide to expand their trade – data theft.

So, with the huge adoption rate in smart mobile devices, and our increased reliance on these devices (which are literally powerful computers), there is a more pronounced sense of urgency to protect the data stored on these sophisticated mobile devices from the threat of cybercrime.

Symantec Hosted Services, recognizing this need, recently announced enhancements to its MessageLabs Web Security Service roaming support options, that will allow organizations to further support the security needs of their mobile workforce.

According to Symantec – “The new enhancements will monitor and secure the online activity of a highly distributed workforce.  Drawing on findings from the recent MessageLabs Intelligence report highlighting the inappropriate web usage of mobile workers, SmartConnect and RemoteConnect for MessageLabs Hosted Web Security protect against malware, and enforces Web acceptable use policies for teleworkers, or employees, at remote offices.”

____________________________________________________

If you’ve noticed a significant drop in Spam in your inboxes lately, like I have, there’s good reason – according to Symantec Hosted Services.

On Sunday, October 3, Symantec Hosted Services noticed that global spam levels dropped to their lowest in a while. Symantec Hosted Services believes this drop was due to a decrease in output by the Rustock and Cutwail botnets.

For additional insight on how Symantec Hosted Services tracked last weekend’s spam drop via sophisticated botnet intelligence, what contribution to global spam each of the major botnets makes, and what factors influence botnet output, check out the MessageLabs  Intelligence blog report here.


MessageLabs Intelligence: Botnets On The Rise – Pushing Out 11% More Spam

I wrote an article, in June of this year, on FIFA World Cup spammers that turned out to be a popular article (over 4,000 reads) – so, I’ve decided Spam isn’t all bad after all.  🙂

I’m being more than a little facetious, of course. Spam, without a doubt, is one of the worst things about the Internet.

The MessageLabs Intelligence August 2010 report indicates (surprise, surprise) that there’s been a recent minor reduction in the total amount of spam in circulation. Offsetting this slightly good news, though, the same report makes the point that spam generated by botnets has increased to 95 percent of all spam – up 11% in just five months.

The Rustock botnet continues to be the main culprit, pumping out 41 percent of all spam in August. This, despite the fact that the Rustock botnet has been reduced in size by roughly half.

Before you think that’s because we’re better at catching botnetted machines – it’s not. The fact is, the Rustock botnet is now faster, and more efficient, because it no longer uses TLS encryption.

Selected stats from the report:

This month, there were a significant number of yet-to-be classified botnets responsible for sending 17.6 percent of all spam.

The UK was responsible for 4.5 percent of the world’s spam, more than double the percentage in April, and the UK is now the fourth most frequent source of spam behind the US, India and Brazil.

The US is home to the greatest number of bots, most notably Rustock, Storm and Asprox.

A PDF version of the full report including additional findings on spam and security threats is available here.


Festi Botnet Joins the Big 5

Symantec’s MessageLabs Intelligence has just reported that the Cutwail, Bagle, Grum, and Rustock botnets have been joined by a new botnet – Festi, which now accounts for 3-6% of the daily global spam.

As a percentage this doesn’t sound like an impressive number, but translated into actual spam volume – 1.5 to 3 billion spam e-mails per day globally – that’s impressive. Like all successful botnets, Festi continues to grow by adding additional infected (botnetted) machines to its network.

According to MessageLabs,  Festi is responsible for at least some of the annoying “male enhancement” spam we are all so familiar with.


For information on botnets and how to determine if your machine has been compromised, the following articles should be helpful:

Tech Thoughts: 2 Free Port Checkers – CurrPorts and Process and Port Analyzer

Tech Thoughts: Catch the Bad Bots with Free RUBotted from Trend Micro

PCWorld – Monitor Botnet Threats Your Antivirus Can’t See


Spammers Are Planning for the Holidays

Symantec’s October 2009 MessageLabs Intelligence Report shows how far ahead spammers plan in order to entrap the unwary web surfer. Just as you are preparing for the holidays, so are the cybercriminals. As the old saying goes, “forewarned is forearmed”, so be prepared.

Courtesy of MessageLabs:

October begins the holiday season and for the next three months, online shopping and research will become a premium for consumers. Symantec today announced its October 2009 MessageLabs Intelligence Report which reveals that the spam gangs behind the biggest botnets – Cutwail, Rustock and Donbot – are using the same upcoming major holidays and world events as the themes for their latest spam runs.

Highlights from the latest report.

Halloween – Trick or treat?  Only 0.5% of spam right now is tied to Halloween – however MessageLabs Intelligence expects approximately 500 MILLION Halloween themed spam emails to be in circulation worldwide, each day, as the holiday approaches this week. The majority of this type of spam links to pharmaceutical or medical spam sites and comes from the Rustock and Donbot botnets.

Thanksgiving and Christmas – Spam from the Cutwail botnet uses both Thanksgiving and Christmas as a theme to sell replica watches. To date, holiday spam accounts for approximately 2% of all spam. More than 2 BILLION Thanksgiving or Christmas-themed spam emails are projected to be in circulation globally each day.

And spammers are even preparing for some of the next big holidays and major events in 2010 already.

Valentine’s Day – MessageLabs Intelligence has already started to see the first runs of St. Valentine’s Day spam, more than 4 months before the occasion. These are being sent from the Cutwail and Rustock botnets, and relate to pharmaceutical and medical spam.

2010 World Cup – Next summer’s soccer games in South Africa have already precipitated a small number of spam messages relating to the event. These are advance-fee fraud or 419-style scams, and they include images of Nelson Mandela and the official FIFA logo.

How successful are these scams? Consumers fall victim to messages like this all the time, fueling an underground economy worth an estimated $105 billion in profit from fraudulent activities.

“As is typical with spammers this time of year, we are seeing them try to capitalize on the holiday season,” said MessageLabs Intelligence Senior Analyst, Paul Wood. “Although they may be a bit overzealous, spamming is a numbers game and the spammers have certainly succeeded with volume thus far. Perhaps their early-bird approach is an attempt to compete with the other botnets and get in early to maximize their chances of success.”

You can read a full copy of the report here.


150 BILLION Daily Spams – Who’s Responsible?

Symantec’s latest MessageLabs Intelligence Report – unveiled today – describes in detail who’s responsible for such unprecedented levels of spam.

Over 150 BILLION unsolicited e-mail messages are being distributed by compromised computers every day, which means that botnets are responsible for approximately 88 percent of all spam out there today.

Recent closures of rogue Internet Service Providers McColo, PriceWert and Real Host have significantly hurt the two biggest botnets of 2009: Cutwail and Srizbi, which at their peak were each responsible for 45.6 percent and 50 percent of all global spam, respectively. Since then, Cutwail has been bumped to the third most powerful botnet and Srizbi has disappeared.


Here’s a look at how some of the newest botnets stack up:

Grum – the most active botnet, responsible for over 23 percent of global spam. Since June, Grum has increased its output per bot massively, pushing it to the top of the current “worst offenders”.

Bobax – has overtaken Cutwail as a top botnet, and is responsible for 15.7 percent of spam. Previously one of the smaller, less active botnets, Bobax has now quadrupled in size and its output per bot per minute is now the highest MessageLabs has ever seen.

Rustock – the largest botnet of all, with an estimated 1.3 to 1.9 million compromised computers in its control. Rustock has roughly doubled in size since June, but doesn’t have a high output. What sets this botnet apart from the rest is its highly automated cycle of spamming activity: spam from this botnet accelerates from 3am EST, peaks around 7am EST and dies down by 7pm EST.

Mega D – has been losing bots quite rapidly. It is now only one tenth the size it was in June. However, it’s now working its bots harder than ever, 2nd only to the output of Bobax in spam per bot per minute!

Maazben – meet the newest botnet, and one to watch in the future. Currently focused on sending out casino-spam, Maazben first appeared in May and has been growing the number of bots rapidly in recent weeks while keeping its output low.

What else can we expect from these powerful machines and how can businesses safeguard against their threats? You can find additional information on this and other online threats here.
