Beware Beware
PreferredByPete.com Enthusiast
--------------------------------------------------------------------------------
A new report from Symantec put the Rustock botnet at the top of the heap for spamming in spite of the fact the number of infected computers under its control was slashed nearly in half.
Rustock retained the top spot as the busiest spam-sending botnet on the Web this month despite the fact the number of bots under its control shrank.
According to Symantec’s August 2010 MessageLabs Intelligence Report, Rustock increased its output from 32 percent of botnet spam in April to 41 percent in August. Ironically, this happened even though the number of Rustock bots dropping from 2.5 million to 1.3 million during that same period, researchers found.
“Rustock has shrunk in size perhaps as a result of infected computers being cleaned or replaced,” speculated Paul Wood, MessageLabs Intelligence senior analyst for Symantec Hosted Services. “It is likely that a new variant of the Rustock botnet has been created to replace the bots that it has lost. This usually involves a new version of the Trojan code being deployed, which at first appears as a new, unknown botnet. I would expect the botnet to grow again over the coming weeks and months.”
In the meantime, Rustock has turned off its use of TLS encryption because it of the large amount of computing resources it consumes, Wood said. By turning off TLS encryption, the botnet can send great volumes of spam – in this case, to the tune of 192 spam e-mails per minute instead of 96.
At its peak in March, TLS-encrypted spam accounted for 30 percent of spam from all sources and as much as 70 percent of spam from Rustock. That percentage of TLS-encrypted spam has declined to less than 0.5 percent of all spam.
Outside of Rustock, the Grum and Cutwail botnets were responsible for 16.36 and 6.99 percent of all spam, respectively. First identified in 2007, Cutwail sends more malware than any other botnet, usually in the form of a zip file attachment, the report notes.
Geographically, the U.K. was responsible for 4.5 percent of the world’s spam during the month, more than double its percentage from April. It is now the fourth most frequent source of spam behind the U.S. (number one), India and Brazil, respectively.
The U.S. is home to the most bots, with most belonging to the Rustock, Storm and Asprox botnets. Some 14 percent of the Rustock bots are in the United States, up from seven percent in April.
The global ratio of spam in e-mal traffic was 1 in 1.08 e-mails (92.2 percent), the researchers found. Nearly 18 percent of spam came from yet-to-be-classified botnets. Phishing activity also inched up .1 percent to 1 in 363.1 e-mails.
“Computers are not like washing machines or televisions - they need constant maintenance, upgrading and patching,” Wood said. “Security is often left to the end user, and the growth or social networking and user generated content has also made it easier for the criminals to take advantage of people's willingness to be open and share information.”
__________________
A new report from Symantec put the Rustock botnet at the top of the heap for spamming in spite of the fact the number of infected computers under its control was slashed nearly in half.
Rustock retained the top spot as the busiest spam-sending botnet on the Web this month despite the fact the number of bots under its control shrank.
According to Symantec’s August 2010 MessageLabs Intelligence Report, Rustock increased its output from 32 percent of botnet spam in April to 41 percent in August. Ironically, this happened even though the number of Rustock bots dropping from 2.5 million to 1.3 million during that same period, researchers found.
“Rustock has shrunk in size perhaps as a result of infected computers being cleaned or replaced,” speculated Paul Wood, MessageLabs Intelligence senior analyst for Symantec Hosted Services. “It is likely that a new variant of the Rustock botnet has been created to replace the bots that it has lost. This usually involves a new version of the Trojan code being deployed, which at first appears as a new, unknown botnet. I would expect the botnet to grow again over the coming weeks and months.”
In the meantime, Rustock has turned off its use of TLS encryption because it of the large amount of computing resources it consumes, Wood said. By turning off TLS encryption, the botnet can send great volumes of spam – in this case, to the tune of 192 spam e-mails per minute instead of 96.
At its peak in March, TLS-encrypted spam accounted for 30 percent of spam from all sources and as much as 70 percent of spam from Rustock. That percentage of TLS-encrypted spam has declined to less than 0.5 percent of all spam.
Outside of Rustock, the Grum and Cutwail botnets were responsible for 16.36 and 6.99 percent of all spam, respectively. First identified in 2007, Cutwail sends more malware than any other botnet, usually in the form of a zip file attachment, the report notes.
Geographically, the U.K. was responsible for 4.5 percent of the world’s spam during the month, more than double its percentage from April. It is now the fourth most frequent source of spam behind the U.S. (number one), India and Brazil, respectively.
The U.S. is home to the most bots, with most belonging to the Rustock, Storm and Asprox botnets. Some 14 percent of the Rustock bots are in the United States, up from seven percent in April.
The global ratio of spam in e-mal traffic was 1 in 1.08 e-mails (92.2 percent), the researchers found. Nearly 18 percent of spam came from yet-to-be-classified botnets. Phishing activity also inched up .1 percent to 1 in 363.1 e-mails.
“Computers are not like washing machines or televisions - they need constant maintenance, upgrading and patching,” Wood said. “Security is often left to the end user, and the growth or social networking and user generated content has also made it easier for the criminals to take advantage of people's willingness to be open and share information.”
__________________