messagelabs

Botnets lead the way for spam

Spam made up 90.4 percent of all e-mail traffic in June, with botnets accounting for the vast majority of those unsolicited messages, according to a new report from Symantec's MessageLabs.

Spam sent out from botnets, or networks of zombie PCs, made up 83.2 percent of unsolicited e-mail messages this month, MessageLabs said Tuesday in a statement. In May, 57.6 percent of spam was sent from known botnets, with Donbot responsible for 18.2 percent of these messages.

According to the messaging security company, the biggest botnet currently is Cutwail, which has doubled in size and output … Read more

Report: Spam reduced following Pricewert shutdown

It's been almost a week since the Federal Trade Commission had the allegedly rogue Pricewert ISP shut down, and it seems like the Internet has indeed been a safer, or I should say slightly less dangerous, place.

The FTC charged that Pricewert's distribution of illegal, malicious, and harmful content and deployment of botnets that compromised thousands of computers caused substantial consumer injury and was an unfair practice, in violation of federal law.

According to Symantec, the Cutwail botnet--one of the most notorious botnets, accounting for up to 35 percent of all spam in May across the globe--experienced a … Read more

Report: Spam now 90 percent of all e-mail

Spam now accounts for 90.4 percent of all e-mail, according to a report released Monday from security vendor Symantec. This means that 1 out of every 1.1 e-mails is junk. The report also notes that spam shot up 5.1 percent just from April to May.

Symantec's May 2009 MessageLabs Intelligence report reveals other disturbing trends, as well. Rather than just hijack disreputable Web sites, cybercriminals now favor older and well-established domains to host their malware. The report says 84.6 percent of all domains blocked for malicious content are more than a year old. One type … Read more

Spam volume down in September

Spam decreased 8 percent during September, according to a report (PDF) released Monday by MessageLabs.

Among other reasons behind the decrease, the security company cited the apparent demise of California-based Intercage, an Internet service provider alleged to have possibly been used to host command and control servers for various botnets. Intercage's upstream provider, Pacific Internet Exchange, terminated service on September 20; a second upstream provider, UnitedLayer, then terminated service on September 25. During this period, MessageLabs reported a marked decrease in spam traffic.

Looking deeper into the spam traffic itself, MessageLabs found that 85 percent of sexually explicit e-mail … Read more

Security Bites 100: Google Docs claimed by spammers

This week, CNET's Robert Vamosi talks with Matt Sergeant, senior antispam technologist for MessageLabs. Listen now: Download today's podcast

This week, CNET's Robert Vamosi talks about spam with Matt Sergeant, senior antispam technologist for MessageLabs.

About two weeks ago, MessageLabs discovered that spammers were publishing to Google Docs. What this does, says Sergeant, is allow spammers to use Google's incredible bandwidth and also have a Web site that is never going to get blacklisted.

Also, MessageLabs this week reported an uptick in the number of spam e-mails related to the Storm worm and botnet. A few … Read more

Google Docs used in latest spam attack

Spammers will do just about anything to get their e-mail through corporate and desktop filters. According to MessageLabs, they're now using Google Docs, a perfectly legitimate way to publish to the Web. Only what they're publishing is the same old wares--this time, it's enhancement pills. This week I talked with Matt Sergeant, senior anti-spam technologist with MessageLabs, who told me how they they've tracking one Google Doc since May 8, 2008.

Later in the conversation, Sergeant talks about the resurgence of Storm. Only a few weeks ago, MessageLabs reported a notable decrease in computers infected with the Storm botnet. … Read more

Yahoo e-mail accounts compromised for spammers' use

Spammers are going legit, and they're using Yahoo e-mail authentication servers to do it, said Mark Sunner, chief security analyst with MessageLabs.

Most people use the Web interface for Yahoo Mail, which attaches a banner of advertising on the e-mail somewhere within the message. Yahoo also provides a service, Yahoo Plus, that allows the sender to use SMTP and traditional e-mail clients such as Outlook Express or Thunderbird. Mail sent via SMTP passes through Yahoo's servers, signing the mail as legit using the Yahoo Domain Keys Identified Mail (DKIM) service.

What this does is strip out the usual … Read more

Goodbye Storm, Hello Srizbi

On Thursday, MessageLabs reported in its April Intelligence Report a marked decrease in the number of malware links connected to the Storm botnet. "It's not too often that a security company says that things are getting better," said Mark Sunner, Chief Security Analyst.

At its peak, Sunner said, the Storm botnet resided upon one million computers worldwide. That number has since come down to between 85,000 IP addresses at the end of April. He said that over the last eighteen months Storm has been constant, and never decreased according to MessageLabs research. "Other security companies … Read more

At least 13 Olympics-theme Trojan horses seen (so far)

Once again, criminal hackers are targeting a worldwide event to deposit their malicious software on victims' PCs, according to one security vendor.

Within the last six months, MessageLabs has found at least 13 new Trojan horse programs associated with e-mails bearing subjects such as "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents."

The problem is, according to a MessageLabs representative, that the hackers' e-mail messages employ an embedded Microsoft Office database file within the zipped attachment. Microsoft said in a recent security advisory that customers not running Windows Vista or Windows … Read more