Spam and botnet infections are soaring, warns MessageLabs

And, since late October is the unofficial start to the holiday season - at least in the US - the IT security software vendor says that the criminals behind the largest botnets - Cutwail, Rustock and Donbot - are already starting to push holiday-themed spam into inboxes.

Some, says the report, are even starting to push holiday themed spam for the 2010 holidays, like Valentines Day.

Delving into the report reveals an increase in Halloween-themed spam throughout the month of October, peaking at 500 million emails circulating on a daily basis towards the end of October,.

The report also noted that the majority of Halloween-themed emails have originated from the Rustock and Donbot botnets and appear to be pushing pharmaceutical or software products

According to MessageLabs, phishing runs purporting to be from Her Majesty's Customs and Excise experienced a surge during October, accounting for 81% of all phishing emails on October 13 - one of the largest ever HMRC phishing runs.

On top of this, the October report noted that Christmas and Thanksgiving related spam has started to appear early this year, mostly originating from the Cutwail botnet and trying to sell replica watches.

Paul Wood, MessageLabs' intelligence senior analyst, said that: "As is typical with spammers this time of year, we are seeing them try to capitalise on the holiday season."

"Although they may be a bit overzealous, spamming is a numbers game and the spammers have certainly succeeded with volume thus far. Perhaps their early-bird approach is an attempt to compete with the other botnets and get in early to maximise their chances of success," he added.

According to Wood, when it comes to phishing runs, "we have seen a significant shift in the bad guys' approach."

"Not only are they experimenting with different languages, they are also turning their attention to targetting online services like web-based email in addition to the financial sector."

"The reason is likely due to the widespread use of email addresses used to authenticate other sites such as social networking, retailing and auction sites."

MessageLabs said that analysis of internet malware activity shows that 37.6% of all web-based malware intercepted was new in October, an increase of 4.1% since September.

MessageLabs added that it also identified an average of 3086 new websites per day harbouring malware and other potentially unwanted programmes such as spyware and adware, an increase of 32.1% since September.

What’s Hot on Infosecurity Magazine?