MX Logic » MX Logic IT Security Blog

27 February 2008

2008 Off to a Fast Start

Rootkits, and Spam, and Pharming! Oh My!
Nice to be back!

Between our webmaster working on a new blogging tool for me to use and the first of three Messaging Anti-Abuse Working Group (MAAWG) meetings for the year in San Francisco last week (I am now chairing the Botnet/Zombie Subcommittee), I've not had nearly the time that I normally have for blogging over the past couple of weeks. I've been queuing up topics in the meantime, though, so we should be back on our regular posting cadence now.

In comparison to most previous years, 2008 is off to a pretty fast start as it relates to spam and malware.  Save for last year when the Storm Worm started January off with a bang, the months of January to April are typically a bit slow from the perspective of new worms, malware, and spam volume. The primary reason for this "slow season" is that a good number of your malware writers are of high school/college age.  Those folks are in school or otherwise occupied during the early months of the year.  Come May or thereabouts, schools start letting out for the summer, kids find themselves with more idle time, and the flood of malware and spam begins.  Infections rise, spam levels rise, and things quickly start hopping around our TOC.

2008 has somewhat bucked the trend in that regard as we have seen a number of developments just in the first two months of the year alone: MBR Rootkits, Drive-By Pharming, and continually high spam volumes which normally drop off by as much as 30% after the first of the year.  In fact, the spam volumes that we have been observing this week are UP about 20%  from any other week so far this year!

We've also seen social engineering tactics such as fake Microsoft updates with links to malware, and IRS phishing scams claiming that you are due a refund from the IRS that will be gladly credited to your credit card if you provide them with your card number (not new tactics, but worth noting nonetheless). We've seen Google spam as well: email with links to Google search results which forward you to sites that have abused Google's PageRank system.

Google spam is currently accounting for around 100,000 messages per hour that we are seeing in our Threat Operations Center.  Although this doesn't represent a significant percentage of volume, it is the most prevalent spam tactic that we are currently observing.   Compare that to IRS phishing which we are currently seeing at a rate of less than 100 per hour.

If the first two months of 2008 are any indication of what the rest of the year will be like, perhaps it is appropriate that it is the year of the rat according to the Chinese calendar :)

Posted by smasiello at 10:50 AM
