Unusual Spam Surge Under Way

Malware-laden spam jumps to 24 percent of all spam this week

Dark Reading Staff, Dark Reading

August 18, 2011

Spam overall has remained relatively flat in the wake of major botnet takedowns during the past few months. But malicious spam suddenly began surging during the past two weeks, jumping from 13 percent of all spam to 24 percent yesterday.

The 13 percent hike was unusual, according to researchers at M86 Technologies, which spotted the trend. M86 says the spike is larger than any the firm has seen in two years.

"If you look at spam overall, it's still down from October of last year," says Ed Rowley, product manager for M86 Security. "In the last 12 months, we've seen takedowns of Spamit and others, and high-profile arrests ... It all had a real impact on spam."

Now it appears the spammers are trying to beef up their botnet armies, especially with many users on vacation and therefore more vulnerable to infection by malicious attachments opened on their home machines, for instance, he says. Many of these newest scams are pushing fake antivirus, too.

"Spammers look like they are trying to recruit more bots for their armies, and the quickest way is to send out [lots of] emails with malicious attachments. They are also trying to make money at the same time," Rowley says.

M86 has spotted three main botnets that appear to be driving this malicious spam surge: Cutwail with the bulk of the attacks, followed by Festi and Asprox. Cutwail is using some old spam campaigns, such as FedEx, credit card, changelogs, and invoices. "The malware is attached within a compressed ZIP archive and is a Trojan that downloads additional malware including Fake AV, SpyEye and the Cutwail spambot itself," M86's Rodel Mendrez wrote in a blog post.

Festi is using UPS as its lure, and sending with it the Chepvil Trojan downloader that installs Fake AV, while Asprox is using hotel transaction spam messages that include a password stealer and fake AV.

There are also signs that spammers are setting the stage for future campaigns in these initial attacks, Rowley says.

But the big news is the rapid uptick in these spam campaigns lately. "This is an epic amount of malicious spam," Mendrez said in his blog. "It seems spammers have returned from a holiday break and are enthusiastically back to work."
