Q3’10 spam and virus trends confirm that spammers are still hard at work distributing malicious content in new and creative ways. August saw a massive 241% increase in virus volume over July, representing the greatest recorded surge in viral activity since 2008. Overall, payload virus volume increased 42% over Q2’10 and 10% over Q3’09, while spam levels decreased 16% and 24% over the same periods, respectively. The spike in malware attacks during August suggests that we might see higher levels of spam moving forward into Q4 as botnet “seeds” planted during this time begin to take action.
By the numbers
Overall, spam volume stayed relatively constant throughout Q3, with a slight dip in August and September. In comparison to the same time in 2009, spam levels are down 24%. This may be attributed to some recent botnet takedowns, such as the partial Pushdo shut down, or point to a generally slower summer season for spam.
However, payload virus levels shot up to record-high levels in August. In comparison to August of 2009, we saw a 111% percent increase in volume overall. What is more remarkable, though, is that this August saw the highest registered number of viruses blocked in a single day: 188 million. This virus surge is even more pronounced than last October’s, when Mega-D, a top-ten botnet, infected over 250,000 computers worldwide before being shut down by a carefully orchestrated campaign by security professionals. This recent increase in viral activity could indicate a “gearing up” as spammers attempt to construct botnets in time for the holiday season and increased consumer spending. With the commercialization of spam in 2006, we’ve often seen a correlation between spam, malware campaigns, and seasonal consumer patterns.
The actual content of this virus wave consisted mainly of traditional spoofing of major brands, along with a new tactic involving recycling previously sent emails taken from the hard drives of infected computers. This new method is more difficult to detect as the wording and content is familiar to the recipient. As always, be on the lookout for suspicious email language and exercise extreme caution when clicking on links. Features in Gmail such as authentication icons can go a long way in protecting your computer, but it’s important to be aware and mindful of these new viral activities when managing your inbox.
Shortened URLs can mask suspicious links
This quarter we detected an increased volume of emails containing shortened URLs linking to suspicious websites. Spammers are increasingly making use of services that shorten URLs as a way of masking the destination website to the user. With the widespread proliferation of shortened URLs, particularly among blogging sites and social networks, it has become increasingly important to remain vigilant and skeptical when evaluating URLs. A shortened URL sent from a “friend” might seem innocuous enough, but, as always, links and emails sent from unknown senders should be scrutinized before further action is taken.
Beware false financial transaction messages
We continue to see false notifications claiming to be sent by various financial authorities. Spammers will frequently send their targets a simple yet authoritative message alerting them of a rejected or unauthorized transaction, then provide a false link directing them to a website. The format of these emails is often simple and innocuous, making it difficult to ascertain the malicious content from a quick glance.
Continued use of NDRs
Fake celebrity gossip
Although August was a slower month in terms of overall spam volume, we saw a substantial spike in messages claiming to break the news of untimely and sudden deaths of various high-profile celebrities. The messages referenced a zip file that in turn contained a virus. These messages, similar to various classic phishing scams involving “friends” in need, attempt to pique a user’s interest with an alarming subject line and content. This has proven to be a successful tactic – hence its continued popularity – as users will often open an email instinctively in response to a particularly emotional or compelling subject line. In response to these attacks, our engineers have developed and released filters designed to combat new spam waves.
Stay safe with a cloud-based security solution
Postini’s hosted email security solutions provide comprehensive spam and virus filtering in the cloud – before they reach the network level. Google’s vast network filters billions of messages a day from all over the globe, creating a “network effect” that allows Google to identify emerging threats and respond early.
For more information on how Google Postini Services can help your organization remain safe, compliant, and spam-free, please visit www.google.com/postini.