Q3’10 spam & virus trends from Postini
Monday, October 18, 2010
Editor's note: The spam data cited in this post is drawn from the network of Google email security and archiving services, powered by Postini, that process more than 3 billion email messages per day. More than 50,000 businesses and 22 million users use Google Postini Services to protect themselves from a range of email and web-borne threats.
Q3’10 spam and virus trends confirm that spammers are still hard at work distributing malicious content in new and creative ways. August saw a massive 241% increase in virus volume over July, representing the greatest recorded surge in viral activity since 2008. Overall, payload virus volume increased 42% over Q2’10 and 10% over Q3’09, while spam levels decreased 16% and 24% over the same periods, respectively. The spike in malware attacks during August suggests that we might see higher levels of spam moving forward into Q4 as botnet “seeds” planted during this time begin to take action.
By the numbers
Overall, spam volume stayed relatively constant throughout Q3, with a slight dip in August and September. In comparison to the same time in 2009, spam levels are down 24%. This may be attributed to some recent botnet takedowns, such as the partial Pushdo shut down, or point to a generally slower summer season for spam.
However, payload virus levels shot up to record-high levels in August. In comparison to August of 2009, we saw a 111% percent increase in volume overall. What is more remarkable, though, is that this August saw the highest registered number of viruses blocked in a single day: 188 million. This virus surge is even more pronounced than last October’s, when Mega-D, a top-ten botnet, infected over 250,000 computers worldwide before being shut down by a carefully orchestrated campaign by security professionals. This recent increase in viral activity could indicate a “gearing up” as spammers attempt to construct botnets in time for the holiday season and increased consumer spending. With the commercialization of spam in 2006, we’ve often seen a correlation between spam, malware campaigns, and seasonal consumer patterns.
The actual content of this virus wave consisted mainly of traditional spoofing of major brands, along with a new tactic involving recycling previously sent emails taken from the hard drives of infected computers. This new method is more difficult to detect as the wording and content is familiar to the recipient. As always, be on the lookout for suspicious email language and exercise extreme caution when clicking on links. Features in Gmail such as authentication icons can go a long way in protecting your computer, but it’s important to be aware and mindful of these new viral activities when managing your inbox.
An interesting and unusual trend has been in the sizes of the individual viruses being transmitted. Particularly, we’ve seen some irregularly sharp peaks in size throughout September, following the surge in total numbers during August. This could be due in part to increased use of .zip and .html attachments containing malicious JavaScripts. Overall, virus traffic continues to be strong and users need to be on high alert when handling suspicious messages. Postini Services customers are strongly encouraged to enable the Early Detection Filtering functionality in order to ensure maximum protection from zero day virus threats.
Shortened URLs can mask suspicious links
This quarter we detected an increased volume of emails containing shortened URLs linking to suspicious websites. Spammers are increasingly making use of services that shorten URLs as a way of masking the destination website to the user. With the widespread proliferation of shortened URLs, particularly among blogging sites and social networks, it has become increasingly important to remain vigilant and skeptical when evaluating URLs. A shortened URL sent from a “friend” might seem innocuous enough, but, as always, links and emails sent from unknown senders should be scrutinized before further action is taken.
Beware false financial transaction messages
We continue to see false notifications claiming to be sent by various financial authorities. Spammers will frequently send their targets a simple yet authoritative message alerting them of a rejected or unauthorized transaction, then provide a false link directing them to a website. The format of these emails is often simple and innocuous, making it difficult to ascertain the malicious content from a quick glance.
Continued use of NDRs
Non-Delivery Report/Receipt (NDR) are legitimate messages used to alert users that a sent email has not been delivered correctly. Back in July we noticed an upswing in false NDRs bearing malicious JavaScript. As a hybrid between virus and spam messages, these messages were in reality obfuscated JavaScript attacks, directing users to a particular website or initiating an unexpected download. The user is often unaware of the attacks, making these messages particularly dangerous and difficult to detect. However, Google’s vast network and patented filtering technology was able to detect these messages early on and respond quickly. The Postini-Anti-Spam-Engine (PASE) was immediately updated in response and has been protecting users throughout Q3 from the continued use of false NDRs.
Fake celebrity gossip
Although August was a slower month in terms of overall spam volume, we saw a substantial spike in messages claiming to break the news of untimely and sudden deaths of various high-profile celebrities. The messages referenced a zip file that in turn contained a virus. These messages, similar to various classic phishing scams involving “friends” in need, attempt to pique a user’s interest with an alarming subject line and content. This has proven to be a successful tactic – hence its continued popularity – as users will often open an email instinctively in response to a particularly emotional or compelling subject line. In response to these attacks, our engineers have developed and released filters designed to combat new spam waves.
Stay safe with a cloud-based security solution
Postini’s hosted email security solutions provide comprehensive spam and virus filtering in the cloud – before they reach the network level. Google’s vast network filters billions of messages a day from all over the globe, creating a “network effect” that allows Google to identify emerging threats and respond early.
For more information on how Google Postini Services can help your organization remain safe, compliant, and spam-free, please visit www.google.com/postini.
Q3’10 spam and virus trends confirm that spammers are still hard at work distributing malicious content in new and creative ways. August saw a massive 241% increase in virus volume over July, representing the greatest recorded surge in viral activity since 2008. Overall, payload virus volume increased 42% over Q2’10 and 10% over Q3’09, while spam levels decreased 16% and 24% over the same periods, respectively. The spike in malware attacks during August suggests that we might see higher levels of spam moving forward into Q4 as botnet “seeds” planted during this time begin to take action.
By the numbers
Overall, spam volume stayed relatively constant throughout Q3, with a slight dip in August and September. In comparison to the same time in 2009, spam levels are down 24%. This may be attributed to some recent botnet takedowns, such as the partial Pushdo shut down, or point to a generally slower summer season for spam.
However, payload virus levels shot up to record-high levels in August. In comparison to August of 2009, we saw a 111% percent increase in volume overall. What is more remarkable, though, is that this August saw the highest registered number of viruses blocked in a single day: 188 million. This virus surge is even more pronounced than last October’s, when Mega-D, a top-ten botnet, infected over 250,000 computers worldwide before being shut down by a carefully orchestrated campaign by security professionals. This recent increase in viral activity could indicate a “gearing up” as spammers attempt to construct botnets in time for the holiday season and increased consumer spending. With the commercialization of spam in 2006, we’ve often seen a correlation between spam, malware campaigns, and seasonal consumer patterns.
The actual content of this virus wave consisted mainly of traditional spoofing of major brands, along with a new tactic involving recycling previously sent emails taken from the hard drives of infected computers. This new method is more difficult to detect as the wording and content is familiar to the recipient. As always, be on the lookout for suspicious email language and exercise extreme caution when clicking on links. Features in Gmail such as authentication icons can go a long way in protecting your computer, but it’s important to be aware and mindful of these new viral activities when managing your inbox.
An interesting and unusual trend has been in the sizes of the individual viruses being transmitted. Particularly, we’ve seen some irregularly sharp peaks in size throughout September, following the surge in total numbers during August. This could be due in part to increased use of .zip and .html attachments containing malicious JavaScripts. Overall, virus traffic continues to be strong and users need to be on high alert when handling suspicious messages. Postini Services customers are strongly encouraged to enable the Early Detection Filtering functionality in order to ensure maximum protection from zero day virus threats.
Shortened URLs can mask suspicious links
This quarter we detected an increased volume of emails containing shortened URLs linking to suspicious websites. Spammers are increasingly making use of services that shorten URLs as a way of masking the destination website to the user. With the widespread proliferation of shortened URLs, particularly among blogging sites and social networks, it has become increasingly important to remain vigilant and skeptical when evaluating URLs. A shortened URL sent from a “friend” might seem innocuous enough, but, as always, links and emails sent from unknown senders should be scrutinized before further action is taken.
Beware false financial transaction messages
We continue to see false notifications claiming to be sent by various financial authorities. Spammers will frequently send their targets a simple yet authoritative message alerting them of a rejected or unauthorized transaction, then provide a false link directing them to a website. The format of these emails is often simple and innocuous, making it difficult to ascertain the malicious content from a quick glance.
Continued use of NDRs
Non-Delivery Report/Receipt (NDR) are legitimate messages used to alert users that a sent email has not been delivered correctly. Back in July we noticed an upswing in false NDRs bearing malicious JavaScript. As a hybrid between virus and spam messages, these messages were in reality obfuscated JavaScript attacks, directing users to a particular website or initiating an unexpected download. The user is often unaware of the attacks, making these messages particularly dangerous and difficult to detect. However, Google’s vast network and patented filtering technology was able to detect these messages early on and respond quickly. The Postini-Anti-Spam-Engine (PASE) was immediately updated in response and has been protecting users throughout Q3 from the continued use of false NDRs.
Fake celebrity gossip
Although August was a slower month in terms of overall spam volume, we saw a substantial spike in messages claiming to break the news of untimely and sudden deaths of various high-profile celebrities. The messages referenced a zip file that in turn contained a virus. These messages, similar to various classic phishing scams involving “friends” in need, attempt to pique a user’s interest with an alarming subject line and content. This has proven to be a successful tactic – hence its continued popularity – as users will often open an email instinctively in response to a particularly emotional or compelling subject line. In response to these attacks, our engineers have developed and released filters designed to combat new spam waves.
Stay safe with a cloud-based security solution
Postini’s hosted email security solutions provide comprehensive spam and virus filtering in the cloud – before they reach the network level. Google’s vast network filters billions of messages a day from all over the globe, creating a “network effect” that allows Google to identify emerging threats and respond early.
For more information on how Google Postini Services can help your organization remain safe, compliant, and spam-free, please visit www.google.com/postini.