Asia's Source for Enterprise Network Knowledge

Thursday, April 17th, 2014

Email and Web security

MessageLabs reports spike in botnet activity for February 2009

The February 2009 MessageLabs Intelligence Report highlighted that, although spam declined by 1.3% to 73.3% of all emails in February, levels as high as 79.5% were experienced at the start of the month due to a spike in botnet activity and spammers leveraging the financial crisis and Valentine’s Day for their latest spam antics. 

“February saw the spammers pulling at both the heart and the purse strings with the emphasis on Valentine’s Day and the global recession. Although spam levels declined slightly this month, the level of activity around Valentine’s themed spam reached unprecedented highs accounting for 9% of all spam messages,” said Paul Wood, MessageLabs Intelligence senior analyst, Symantec.

“With the financial crisis front of mind for many organizations and consumers, spammers and phishers are using this topic to their advantage and targeting people when times are tough.” 

For the first time in more than a year, February saw the re-appearance of search engine re-directs which topically referenced the financial crisis. The ‘recession spam’ email messages contained text such as “Money is tight, times are hard. Christmas is over. Time to get a new watch!” The phishing community also used the current financial climate to their advantage; at a time when concerned consumers may not be surprised to hear from their banks, phishing attacks have risen to one in 190.4 emails, from one in 396.2 in January 2009. 

Since the beginning of February, the proportion of Valentine’s Day themed spam rose from 2 % to more than 9 %, with the vast majority of this type of spam, almost 7 %, originating from the Cutwail (Pandex) botnet. Currently the largest botnet, Cutwail dedicated approximately 90 % of its output to Valentine’s Day messages, estimated at 7 billion each day. 

Finally, MessageLabs Intelligence intercepted a new technique involving forged headers on targeted Trojan attacks. Added to an email as it is passed between two mail servers, headers act as a vapor trail so that the path of that email can be tracked. With many attackers not bothering to include headers as a means of falsely authenticating their emails, the use of real-world examples in the most recent attempts made the email stand out as being suspicious.