Spammers recover from Rustock take down
Stop! Don’t open that unsolicited “penis enlargement” e-mail until you read this.
Fake pharmaceutical e-mails were the most popular topic used by spammers during 1Q11, accounting for 28% of all spam during the quarter, regular figures from Commtouch released this week show.
Spam and phishing messages averaged 149 billion per day during the quarter, with a range of new approaches employed, including fake parcel tracking e-mails claiming to be from UPS and DHL and chat messages from compromised Facebook accounts, which resulted in the development of fake applications and virus files, the firm states.
While the number of zombie machine activations fell from 288,000 per day in 4Q10 to 258,000 in 1Q, due in part to the take down of the Rustock botnet in early March, spammers quickly got networks back on track, resulting in a 400% rise in malware sent via e-mail in the last week of the month.
Asaf Greiner, vice president of products for Commtouch, says botnets are “an essential part of cybercriminal infrastructure, providing vast computing resources, bandwidth and anonymity.” While the removal of Rustock is a clear win for cyber security, Greiner warns that “takedowns will almost always result in significant attempts at rebuilding,” as criminals seek to continue their operations.
His view is borne out by the latest figures, which show cyber criminals quickly got back to work following an apparent Christmas break, when spam activity fell to under 50 billion messages per day, from a peak of 200 billion in August.
Telecoms Europe.net reported earlier this year that cyber attacks were on the rise due to the ready availability of off-the-shelf hacking tools. Security firm Arbor Networks told us that the number of distributed denial-of-service (DDoS) attacks doubled in 2010 as a result, with some consuming enough bandwidth to take out entire networks.
At the time, Carlos Morales, Arbor’s vice president of global sales engineering, said mobile networks were at the greatest risk of attack, due to security set-ups that are “almost ten years behind their fixed-line brethren.”