Targeted Malware Shows Massive Surge

Spam levels for 2010 peaked in August at 92.2 percent of all email worldwide, with the number of different strains of malware increasing more than a hundred-fold over 2009, according to a new report from Symantec released on Tuesday.

Targeted attacks, which focus on particular organisations, and which only emerged five years ago, also increased to around 77 each day by the end of 2010. The figures come from Symantec’s MessageLabs Intelligence 2010 Annual Security Report.

Fluctuating spam levels

Spam levels fluctuated throughout the year, peaking in August and averaging 89.1 percent, an increase of 1.4 percent over 2009, Symantec found.

For most of the year spam from botnets accounted for 88.2 percent of all spam, but that figure was reduced to 77 percent by the end of the year, following the closure of spam affiliate Spamit in early October 2010. By the end of the year the total number of active bots had returned to roughly the same as that at the end of 2009.

The total number of botnets worldwide is between 3.5 million and 5.4 million, Symantec said.

Rustock remains the dominant botnet, with spam output more than doubling since last year to more than 44 billion spam emails per day and more than 1 million bots under its control. Grum and Cutwail are the second and third-largest respectively.

The botnets made use of new tactics to keep their spam campaigns active in 2010, according to Symantec.

“From leveraging newsworthy events like the FIFA World Cup to taking advantage of the widespread popularity of URL shortening services and social networks, the spammers deployed a variety of tricks to bypass spam filters and lure potential victims,” said Symantec Hosted Services senior anayst Paul Wood, in a statement.

Polymorphic malware

The huge increase in malware variants is largely due to the growth in polymorphic malware variants, which are typically generated from toolkits that allow a new version of the code to be generated automatically, according to Symantec.

An example of this includes the Bredolab family of Trojans, which accounted for about 7.4 percent of all email-borne malware in 2010. Bredolab is “pay per install” malware, designed to seize control of the victim’s system so that it can be used by attackers or sold to another botnet.

Symantec noted that the boom in targeted attacks shows that more types of organisations are now being attacked.

“While five years ago large and well-known organisations were often targeted, today the scope of targeted organisations has expanded and now no organisation is safe from attack,” Wood stated.