Botnets cause surge in February spam

Spam levels increase more than 5 percent in February over prior month, due in large part to greater activity from Grum and Rustock botnets, according to Symantec.

Lance Whitney Contributing Writer

Spam now accounts for close to 90 percent of all e-mail worldwide due to a surge in February, according to Symantec.

Two botnets named Grum and Rustock helped push spam levels up 5.5 percent in February over the prior month, according to the security firm's report (PDF). After doing business as usual over the past year, Grum suddenly sprang to life in February, increasing the amount of spam it generated by 51 percent. As a result, the botnet is now to blame for 26 percent of all global spam.

Rustock also surged last month, pushing up global spam levels by 25 percent on February 17 to the highest level for the entire month. The rise of both botnets was traced to activity related to Canadian pharmaceutical spam, Symantec said. One of the hottest scams on the Internet, pharmaceutical spam now is responsible for 65 percent of all worldwide spam.


"Whether the spammers are trying to clear this spam run more quickly or have discovered that it is successful, they have certainly been using multiple botnets to distribute high-volume spam campaigns in February," Symantec MessageLabs Intelligence senior analyst Paul Wood said Monday in a statement. "The activities of this single spam operation have been driving recent global surges in spam rates and strongly impacting global spam levels in turn. Based on these latest spam patterns, we can predict additional surges in spam in the coming weeks."

Though spam levels rose last month, the size of the typical spam message and the number of junk e-mails with file attachments both fell. The average size of a spam e-mail is now around 3.3KB compared with 5KB in October. The number of spam messages with attachments dropped to 1 percent in February from 10 percent last April. But that's not really good news, noted Symantec, because spammers now are hosting images online, shrinking the size of each spam and helping the botnets send out more spam per minute.

The Waledac botnet also got some press recently. Playing it low-key for the past year, Waledac spiked in January, accounting for around 1 percent of all malware caught. In its effort to battle the botnets, Microsoft was granted a court order on February 22 that shut down 277 domain names apparently related to the spread of Waledac. This move has seemingly ended Waledac's career for now.

The takedown of Waledac was an effective step in the fight against malware, Symantec noted in the report, which explained how the botnet operated in the past.

"Malware connected to Waledac are not distributed by the botnet itself but are sent by other botnets," Wood said. "Recently, Waledac malware has been sent from the Cutwail botnet. Also noteworthy is that spammers using the Waledac malware seem particularly focused on the major free Webmail hosting services using email addresses in use by individuals. Waledac is adept at evading traditional dormant honeypot addresses."

Spam levels reached 93.4 percent of all e-mail in Italy last month, making it the most spammed country. Denmark was next at 92.8 percent, followed by Russia at 91.8 percent. In the United States, 90.2 percent of all e-mail was spam in February, while in the U.K., spam levels dropped a bit to 88.6 percent.