Tag Archives: Storm

MessageLabs Intelligence: Botnets On The Rise – Pushing Out 11% More Spam

I wrote an article, in June of this year, on FIFA World Cup spammers that turned out to be a popular article (over 4,000 reads) – so, I’ve decided Spam isn’t all bad after all.  🙂

I’m being more than a little facetious, of course. Spam, without a doubt, is one of the worst things about the Internet.

The MessageLabs Intelligence August 2010 report indicates (surprise, surprise) that there’s been a recent minor reduction in the total amount of spam in circulation. Offsetting this slightly good news, though, the same report makes the point that spam generated by botnets has increased to 95 percent of all spam – up 11% in just five months.

The Rustock botnet continues to be the main culprit, pumping out 41 percent of all spam in August. This, despite the fact that the Rustock botnet has been reduced in size by roughly half.

Before you think that’s because we’re better at catching botnetted machines – it’s not. The fact is, the Rustock botnet is now faster, and more efficient, because it no longer uses TLS encryption.

Selected stats from the report:

This month, there were a significant number of yet-to-be classified botnets responsible for sending 17.6 percent of all spam.

The UK was responsible for 4.5 percent of the world’s spam, more than double the percentage in April, and the UK is now the fourth most frequent source of spam behind the US, India and Brazil.

The US is home to the greatest number of bots, most notably Rustock, Storm and Asprox.

A PDF version of the full report including additional findings on spam and security threats is available here.

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

Storm Botnet Bounces Back

“You can’t keep a good man down”, is an old expression that’s familiar to many of us. It seems we could coin a new expression along the same lines – “You can’t keep a bad botnet down”.

Just when you think you’ve knocked them down for good, cyber criminal enterprises seem to magically reappear, and that old familiar spamming botnet, Storm, has raised its ugly head once more.

In a previous article here in November 2009, “Symantec Rubs the 2010 Malware Crystal Ball”, Symantec projected that this reemergence was likely to occur, so kudos to Symantec – you called this one.

(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

According to Symantec’s MessageLabs Intelligence, they “first saw this new variant of the botnet start spamming on 30 April…. containing links to web pages hosting the well known Canadian Pharmacy site”.

(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

Typically, the emails are short and sweet –

Get all the medications you want online!
Disappointed with your bad performance in bed?
great offers to spice it up in bed..
need some help in the bed?
its time to spice up the bed
Safest and approved method of male enhancing have a easier time making her…
Have long strong night in BED!
Get your favorite rxmedications here!
Win from benefits of hidden secret of pornstars!

For more information on this reemerging threat, check out The Return of Storm, on Symantec’s site.

Threats in Your Email – Hitman Online Extortion

It’s not uncommon for spam to include false warnings in order to trick the recipient into falling for a scam, a phishing attack or installing malware.

A previous spam campaign that was active towards the end of 2007 came in the form of an e-mail allegedly from a private investigator hired to investigate the recipient. This is a private investigator with a heart, it seems, since the email recipient is advised that their telephone is being monitored and that it will be revealed who planned this surveillance in a follow-up e-mail.

As a sign of good faith by the private investigator, a password-protected compressed file was attached to the message that supposedly contained a recording of the victim’s telephone conversations. In reality, however, this password-protected compressed file was designed to defeat anti-malware applications running on the victim’s computer.

The file actually contained malware in the form of a Trojan horse, identified by Symantec Corporation as Trojan.Peacomm.D, which most of us know as the “Storm” Trojan. This malware is designed to gather system information and email addresses from a compromised computer. As well, this Trojan can infect legitimate system drivers, and variants can insert components into legitimate processes such as Explorer.exe and Services.exe.

Now we’re faced with a variant of this email scam, the Hitman email. These fear-provoking emails contain a threat that the recipient will be murdered by a hired Hitman. Fortunately, there is a way out of this predicament: if the recipient agrees to pay a substantial sum of money to the Hitman, the contract will be cancelled.

These Hitman emails are not a new occurrence since they were circulating on the Internet early in 2007. These frightening emails have resurfaced again in the past few months, and they seem to be aimed primarily at a select group of professional high earners, such as doctors, lawyers, and business owners, who are more likely to be in a position to pay the large sums of money demanded in the email.

Although there are many variations of this email, here is one example:

Good Day,

I want you to read this message very crefully, and keep the secret with you till further notice, You have no need of knowing who i am, where am from,till i make out a space for us to see, i have being paid $50,000.00 in adbance to terminate you with some reasons listed to me by my employer,its one i believe you call a friend,i have followed you closely for one week and three days now and have seen that you are innocent of the accusation,

Do not contact the police or F.B.I or try to send a copy of this to them, because if you do i will know, and might be pushed to do what i have being paid to do,beside this is the first time i turned out to be a betrayer in my job.

Now listen,i will arrange for us to see face to face but before that i need the amount of $80,000.00 and you will have nothing to be afraid of.I will be coming to see you in your office or home dtermine where you wish we meet,do not set any camera to cover us or set up any tape to record our conversation,my employer is in my control now,

You will need to pay $20,000.00 to the account i will provide for you, before we will set our first meeting,after you have make the first advance payment to the account,i will give you the tape that contains his request for me to terminate you, which will be enough evidence for you to take him to court(if you wish to), then the balance will be paid later.

You don’t need my phone contact for now till am assured you are ready to comply good.

Lucky You.

Like all email scams, these emails, which contain many grammatical and spelling errors, are generally sent to a large number of people within the targeted group in the expectation (usually justified) that some will respond. Compounding the issue further, the cyber criminals may try to collect personal information from the victim in an attempt at identity theft.

Keeping in mind that email scams are sent out in bulk it’s reasonable to assume, if you should receive such an email, you are not in any danger of being murdered by a hired killer. Obviously the attempt at extortion is genuine, but the threat against your life is not.

Internet security experts always advise that if you receive unsolicited email messages, you should not reply or respond in any way, but instead simply delete the message from your inbox. In the case of this particular email scam, law enforcement officials repeat that advice: do not respond.

However, in the event you receive a threatening email that includes significant personal information that is specific to you, to ensure your safety, it would be prudent to report this to your local police department.

From Scambusters.org

Don’t Get Scammed!

Many scammers are very cunning, so being smart is NOT enough to protect yourself. Every day smart subscribers thank us saying they would have been scammed if they didn’t subscribe to ScamBusters. Don’t take a chance. Subscribe FREE to ScamBusters, a public service and the #1 publication on Internet fraud.

Storm Botnets – The Computational Power of Super Computers

I must admit that I get very tired of opening my email accounts only to see spam email after spam email, reminding me that enlargement, growth, and natural male enhancement techniques can all be mine if I just click on the enclosed link.

It didn’t take long to establish that the driving force behind the majority of these annoying emails is the well established Storm bot network. Security experts maintain that the Storm bot network continues to be leased to online pharmacy spammers.

The Storm Trojan, which first appeared in Europe more than a year ago, takes its name from the content contained in emails relating to extreme bad weather striking parts of Europe at that time.

Those users who were enticed into clicking on links enclosed in the email were directed to a web site that included malevolent code designed to infect Windows PCs with the aim of turning the now infected machine into a spam bot.

The initial success and the continued implementation, in various forms, of this highly sophisticated malware attack has led to the creation of a botnet of unprecedented proportions; a colossal spam-producing network.

According to Bradley Anstis, Vice-President of Products for Marshal, a leader in integrated email and Internet content security solutions, the Storm botnet was responsible for 20 per cent of all spam email sent in the first quarter of 2008.

Marshal is currently monitoring five botnets, including the Storm botnet, believed to be responsible for approximately 75 per cent of all spam currently in circulation. Heavily promoted products on all of these botnets tend to be male enlargement drugs, replica watches and sexually explicit material. The strategy employed by the owners of these botnets is particularly ingenious, since there’s a strategic crossover with the products being promoted by all five of these botnets.

Frighteningly, it is accurate to say that these botnets are getting larger every day. According to the U.S. Federal Bureau of Investigation, there are at least 1 million botnetted computers in the U.S. Worse, some security firms estimate that currently there are as many as 10 million botnetted machines worldwide. In fact, some researchers believe that this may just be the part of the iceberg we can see above the waterline.

Not surprisingly such large numbers of infected machines have produced some of the most powerful networked computer systems in the world. As a result, many industry analysts are convinced malware and phishing attacks from these botnets can be expected to increase in frequency.

A more frightening possibility involves the potential power of these botnets being turned against secure computer systems in the government, commercial, and industrial sectors in brute-force attacks. Some have argued a coordinated attack, such as the one we witnessed last year against Estonia’s infrastructure, is inevitable.

For your own benefit, it’s obviously important to keep your computer from becoming infected and becoming a part of this problem. Perhaps it’s less obvious that we all share a responsibility to help protect other computer users on the Internet from becoming infected. The way to do that is to ensure that you are part of the solution, not part of the problem created by running an insecure machine or by engaging in unsafe surfing practices.

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:

· When surfing the web: Stop. Think. Click
· Don’t open unknown email attachments
· Don’t run programs of unknown origin
· Disable hidden filename extensions
· Keep all applications (including your operating system) patched
· Turn off your computer or disconnect from the network when not in use
· Disable Java, JavaScript, and ActiveX if possible
· Disable scripting features in email programs
· Make regular backups of critical data
· Make a boot disk in case your computer is damaged or compromised
· Turn off file and printer sharing on the computer.
· Install a personal firewall on the computer.
· Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
· Ensure the anti-virus software scans all e-mail attachments
· Install McAfee Site Advisor, WOT (my recommendation), or a similar browser add-on
