Botnets lead the way for spam

Spam made up more than 90 percent of all e-mail last month, with networks of zombie PCs producing the vast majority of such messages, MessageLabs says.

Vivian Yeo Special to CNET News
2 min read

Spam made up 90.4 percent of all e-mail traffic in June, with botnets accounting for the vast majority of those unsolicited messages, according to a new report from Symantec's MessageLabs.

Spam sent out from botnets, or networks of zombie PCs, made up 83.2 percent of unsolicited e-mail messages this month, MessageLabs said Tuesday in a statement. In May, 57.6 percent of spam was sent from known botnets, with Donbot responsible for 18.2 percent of these messages.

According to the messaging security company, the biggest botnet currently is Cutwail, which has doubled in size and output per bot since March. At its peak, Cutwail had an army of 1.5 million to 2 million active bots, but the shutdown of Californian ISP Pricewert earlier this month led to several hours of downtime for the botnet.

Cutwail, however, bounced back within hours, noted MessageLabs. It currently has an output of around one-third of its original capacity. Other major botnets include Rustock, Grum, Donbot, Bagle, Xarvester, Mega-D, Gheg, Asprox, and Darkmailer.

Also in June, there were an average of 1,919 new Web sites per day harboring malware and other potentially unwanted programs including spyware and adware. This represented an increase of 67 percent over May.

Over half, or 58.8 percent, of all Web-based malware that MessageLabs intercepted during the month was new, a month-on-month increase of 24.6 percent.

Data from MessageLabs also shows that more hyperlinks in instant messaging conversations are stepping stones to "instant malware."

In June, 1 in 78 hyperlinks found in instant messages linked to Web sites hosting malicious content, compared with 1 in 200 at the end of 2008. The hidden malware typically tries to perform a drive-by attack on a vulnerable Web browser or browser plug-in, said the company.

One in 80 IM users, predicted MessageLabs, may receive a malicious instant message each month.

Vivian Yeo of ZDNet Asia reported from Singapore.