Storm worm and botnets kept spam high in 2007

Botnets helped keep spam output at consistently high levels last year, and global spam reached rates as high as 96% of all email traffic during 2007, according to a report from email security firm Commtouch.

Share

Botnets helped keep spam output at consistently high levels last year, and global spam reached rates as high as 96% of all email traffic during 2007, according to a report from email security firm Commtouch.

The global spam rate averaged around 80% of all email traffic throughout the year, the firm said. Although the spam rate dipped to 60% in the second quarter, it spiked later, peaking at 96% of all email output early in the fourth quarter.

Commtouch said that botnets, which are networks of infected zombie hosts that carry out distributed denial-of-service attacks and spam campaigns, were the major culprits behind the spam outbreaks.

The most disruptive botnet was the Storm worm, which researchers estimate affected over one million machines. In the fourth quarter of 2007, for instance, the Storm botnet launched an MP3 spam campaign that enticed unwitting users into downloading malware by offering them free music. Commtouch said this particular attack accounted for up to 10% of all global spam traffic at its peak.

In addition to its MP3 attacks, the Storm botnet launched a series of holiday-themed spam attacks that enticed users with promises of "sexy girls" who would "give you that special Santa treatment."

Commtouch warned that the Storm botnet had yet to be used to its full potential and that its activity in 2007 "may come to be seen as merely the calm before the Storm compared to what 2008 has yet to bring".

Just this week, it emerged that spammers had hidden URLs on Microsoft's Live SkyDrive file sharing service, and a security enthusiast warned that it was possible to send spam to a person's printer from an infected web page.

Part of the reason that the Storm botnet has been so difficult for security experts to tackle, the firm noted, was that it has an elaborate defence system that aggressively attacked anyone who attempted to reverse engineer it.

Additionally, Commtouch said it is virtually impossible to track down Storm's botmaster, because its command and control is executed through a peer-to-peer network.

"The only effective way to protect against Storm and other botnets is to dynamically detect and block activity from the infected machines, based on identifying zombie IP addresses," Commtouch says. "Only security solutions capable of detecting and classifying malicious activity in real-time are able to provide a barrier against this growing threat.”

"Recommended For You"

Barclays and Bank of Scotland customers targeted in Storm phishing attack Infected computers serve as engine for P2P worm