New botnets hitting the net, Oz spam levels higher than global average

Peter Dinham
Thursday, 01 October 2009 07:24

Business IT - Security

“Furthermore, an analysis of older domains, those that have been registered for more than three months and compromised to serve malware, indicates that the majority, 90 percent, of these websites are taken down after 138 days, much longer than their younger counterparts.

MessageLabs Intelligence found that overall, 80 percent of domains being blocked as malicious for serving up malware are in fact compromised, legitimate websites.”

Wood warns that it is of “greater benefit to an attacker to compromise a legitimate website as opposed to setting up a newer, specialized domain to serve up malware,” and, he adds, “fundamentally, using legitimate websites to spread malware reduces the labor for the cybercriminals and extends the lifetime of the malware. Moreover, by taking advantage of the Add Grace Period, a policy that allows scammers to register a domain at no cost and cancel after five days, ‘domain tasting’ and ‘domain kiting’ have become common practice for cybercriminals, allowing them to beat the system without ever paying for malware distribution.”

On spam, Symantec says that in September this year, the global ratio of spam in email traffic from new and previously unknown bad sources was 86.4 percent (1 in 1.2 emails), reflecting a 2.1 percent decrease since August. Spam levels for Q3 2009 averaged 88.1 percent, compared with 81.0 percent for Q3 2008.

And, with viruses, Symantec says the global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 399.2 emails (0.25 percent) in September, a decrease of 0.09 percent since August. Also in September, 39.8 percent of email-borne malware contained links to malicious websites, an increase of 22 percent since August, while in Q3, email-borne malware activity averaged 1 in 330.3 emails compared with 1 in 122.5 for Q3 last year.

Symantec also found that an analysis of web security activity showed that 12.3 percent of all web-based malware intercepted was new in September, an increase of 0.4 percent since August, and it identified an average of 2,337 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 33.4 percent since August.