Surge in attachment spam is 'a sign of desperation'

Botnet criminals have flooded the Internet with a surge of attachment spam in recent weeks in a desperate attempt to rebuild a spam-distribution industry under pressure, security experts have suggested.

Share

Botnet criminals have flooded the Internet with a surge of attachment spam in recent weeks in a desperate attempt to rebuild a spam-distribution industry under pressure, security experts have suggested.

Although this surge has been widely reported as a significant return for spam generally, levels are in fact subdued. It is more likely a sign of stress for a part of the cybercrime economy that has had a bad year.

Figures from M86 Security (see below graph) show a spike in attachment spam (emails with malware files attached) beginning at the beginning of August, which at one point accounted for a quarter of all spam seen by the company. That is more than a blip - attachment spam normally makes up fractions of a percent of all spam.

Fellow security company Commtouch also reported attachment spam as having risen 500 percent between 8 and 12 August on the back of a campaign using the common lure of fake UPS or DHL package notifications. Sophos has posted a useful analysis of one of the current crop of bogus package delivery messages.

Putting the attachment surge in context, figures from the same companies show that overall spam is still at historically low levels after the closure earlier this year of Rustock, one of the most prodigious spam botnets. Overall, then, spam levels appear to be continuing their gradual decline.

So where is the new wave of attachment messages coming from and does the latest campaign have any deeper significance?

Most of the messages appear to originate with an unremarkable botnet called Cutwail, backed up by activity from two other small players, Festi and Asprox. The attachments themselves are designed to hit computers with a range of malware, including fake antivirus campaigns and the SpyEye banking Trojan as well as to recruit them to relay spam.

This looks pretty mundane. The carriers are bog-standard DHL emails backed by attachments that serve the same Trojans that make up most Internet malware campaigns. The innovation level is very low and has echoes of a campaign run by criminals in March and April.

"Recommended For You"

The summer of spam Spam levels slump over holiday period