What is the speed of spam? 7.8 billion messages per hour!

Davey Winder
Tuesday, 12 August 2008 18:40

Business IT - Security

The key findings of the latest Marshal Threat Research and Content Engineering (TRACE) report for the first half of 2008 have just been published. Unsurprisingly, they make for some pretty ugly reading...

The security researchers at TRACE must be a pretty depressed bunch. After all, just look at the stuff they have to work with. No matter what security vendors do to try and stop them, the bad guys always seem to be at least one step ahead.

Take the TRACE report for the first half of this year, which was published earlier today. If that doesn't want to make you slit your virtual wrists then nothing will.

If if was not bad enough that cyber-criminals are now using blended attacks to distribute their malware to otherwise legit websites via email on what TRACE refers to as "an unprecedented scale" there is the small matter of idiot users with insecure web browsers to ponder.

The report reckons that unpatched, and therefore insecure, web browser clients are putting more than 45 percent of all Internet users at risk. Visit a legit site which has been compromised, and do so with an unpatched browser, and you are in for a rough ride.

The TRACE team employs a network of honey-pot accounts and bait machines to continuously monitor spam, phishing, botnet and malware activity. In the six months that ended in June 2008, what they saw was not at all pretty.

Spam volumes have doubled, and the Srizbi botnet alone was seen to be capable of pumping out an astonishing 7.8 billion messages an hour. That is probably worth repeating: 7.8 BILLION spams every single hour!

Srizbi itself is said to control some 315,000 or more infected machines. These alone send some 50 percent of all recorded spam, TRACE says.

Throw in the Rustock and Mega-D botnets, which are capable of generating around 14 percent of spam by volume each, and you start to get a feel for the scale of the spam problem.

Indeed, the TRACE team reckons that 90 percent of all spam can be tracked back to just seven botnets. The three previously mentioned being responsible for 75 percent of all the spam on the planet. Rustock, in fact, has recently overtaken Srizbi as the most prolific of spamming botnets.

Bradley Anstis, VP of Products with Marshal said "Spammers are moving en masse to the Web and distributing malware on a scale not seen before. In our view, the use of botnets to launch mass website attacks is the most concerning issue to arise so far in 2008. We are now in the situation where spam accounts for almost 90 percent of all email and increasingly contains links to infected sites."