Spam, shortened URLs, and software vulnerabilities highlight latest security threat report

The report from M86 declares “2009 will be remembered as the year that spam came back with a vengeance.” Indeed, according to M86’s stats, spam reached an estimated 200 billion messages per day in 2009, with five botnets producing 78% of these messages, and the top nine churning out nearly 90% of spam.

The volume of malicious spam hovered around the 600 million messages per day mark for the first half of 2009, but shot up to nearly 3 billion per day over the final six months of the year. M86 credits the fall of the McColo network as the primary reason for the decrease at the end of 2008, stretching into the first half of 2009. But, as its data show, it did not take long for spam volume to return to pre-McColo levels.

“At the time we compiled our report, both the Mega-D and Lethic botnets were taken over/taken down by security professionals”, said Bradley Anstis, VP of technical strategy for M86 Security.

But like a Romero zombie, it appears there is a bit of life left in these networks. “As recent as this week, we've observed that both Mega-D and Lethic have risen from the dead”, Anstis told Infosecurity via e-mail. “These criminal organizations have much at stake in terms of revenues, and therefore will not go down without a fight.”

“The botnets rule and are largely unhampered”, Anstis added. “They are the weapon of choice that serve to automate large-scale spam and web attacks.”

As for the most common form of spam, M86 provides evidence that pharmaceutical-related messages were the most popular, accounting for about 74% of all messages. This was by far the most frequent category of spam according to the report, with only one other sector, retail products, coming in at greater than 10%.

Software applications from Microsoft and Adobe were also among the most prevalent security threats in the latter half of 2009. Over the last six months of the previous year, M86 “observed an increase in the number of new zero-day vulnerabilities, targeting applications more than the operating systems themselves.” M86 counted a dozen unique application flaws exploited by hackers over the time period, including Microsoft’s Internet Explorer and Office applications, and the popular Adobe Reader and Acrobat products.

M86 identified Adobe Reader attacks as perhaps the most daunting from a security perspective. “PDF attacks tend to be very effective, with some achieving as high as 50% success rate”, the report noted.

Twitter also emerged as one of the greatest security threats in 2009. M86 confirmed what many of us are all too aware of: criminals love to take advantage of the latest fads or trends to maximize the payoff. Shortened URLs, often employed by Twitter users, became a frequent attack method over the last half of 2009. As the report points out: “By masking the source URL behind a shortened URL, it is hard for an end user to determine what kind of content will be provided to them when they click through.”

As with email, Twitter spam can often come from compromised accounts, even from those who are among a person’s trusted contacts. “Users are more likely to click on links shared with them by senders they believe are their friends”, said Anstis. To combat this risk, he suggests using browser extensions that reveal the complete URL, so users can make a more informed judgment about the content.
