Botnet army' behind tenfold rise in 'attachment' spam

Stuart Corner
Sunday, 05 August 2007 10:54

Business IT - Security

According to Internet security company, Marshal, a single spam group controlling a vast network of tens of thousands of botnet computers has been able to single-handedly produce, almost overnight, a tenfold increase in the amount of 'attachment' spam flooding the Internet.

For the week to August 2, Marshall reported that spam containing attached PDF, Excel, Text and ZIP files represented almost 25 percent of all spam, up from just two percent in the prior week.

Marshall said that the surge in 'attachment spam' also corresponded with the continued decline of the previously dominant form, image spam, which in the same week fell to a 12-month low of just six percent of all spam.

"The latest statistics would suggest that spammers are increasingly favouring PDF spam over image spam," said Marshal's Bradley Anstis, director of product management. "However, spammers are also experimenting with a range of other attachment types in an attempt to identify which is most effective.

He told iTWire: "The key reasons why the shift happened so quickly was because of spam sending botnets (aka spambots). The spam group behind this increase is in control of an enormous spambot and when they choose to make a change they can alter the make-up of the spam landscape immediately.

"No one but the spam group knows how many PCs they can control with this spambot, it is assumed to be a high five figure number. If each of the PCs is instructed to send 200-300 spam messages containing a PDF attachment the spammers can send hundreds or millions of spam messages in a day - equivalent to 25 percent of all spam sent on a given day."

Anstis explained: "The bot receives instructions from a 'command & control' server and checks back periodically for new data. All the spammers have to do is press a few buttons and they can start sending pink spam with pictures, flowers and happy valentine's messages. The next day they can turn around and send millions of spam with a totally different message and make-up. For them it is entirely automated set-and-forget system."