According to a new report from PandaLabs, less than 10% of all e-mail delivered in 2008 was legitimate. If that number seems low to you, go hug your mail administrator. Most Internet users do not really understand how e-mail works behind the scenes. Many people I deal with don’t fully grasp how difficult it is to walk the fine line between protecting e-mail users from unwanted mail and making sure legitimate messages arrive in their inboxes.
The problems associated with managing spam issues on a busy mail server are beyond the scope of almost any individual. In addition to the commercial solutions that are advertised, there is a whole community of volunteer anti-spam activists who put their time, their sweat, and sometimes their money into sharing information in ways that benefit people they do not even know. The folks who contribute to projects like Spamhaus and SpamAssassin deserve all of our appreciation.
The new report from PandaLabs shows that while malware and viruses do play a role in the e-mail world, it's dwarfed by the problems created by spammers. Out of 430 million e-mail messages analyzed, 89.88 percent were spam and 1.11 percent were infected with some type of malware.

PandaLabs 2008 Mail Report
The report highlights a few items that shouldn’t surprise anyone. In 2008, the most common subject lines used by spammers were for pharmaceuticals and “sexual enhancers”. (I’m curious how ‘generic Viagra’ spam is classified by their system.) Despite the subprime mortgage meltdown, ads for loans and mortgages still made up nearly five percent of last year’s spam. The graphical chart below was produced for distribution by PandaSecurity and can be found, along with lots of virus-oriented screenshots, at their Flickr feed.

[Figure: Spam Chart by Subject]
With respect to virus- and malware-laden messages in 2008, the Netsky.P worm was the most frequently detected malicious code. This type of malware activates automatically when users view the infected message through the Microsoft Office Outlook preview pane. It does this by exploiting a vulnerability in Internet Explorer that allows automatic execution of e-mail attachments. The exploit of this vulnerability was detected by PandaLabs as Exploit/iFrame and was the third most frequently detected type of malware in e-mails by TrustLayer Mail.
“The fact that these two malicious codes often act in unison explains the high number of detections of both. Cyber crooks often launch several strains of malware with each exploit to increase the chances of infection, so even if users whose systems are up-to-date are immune to the exploit, they could still fall victim to infection by the worm if they run the attachment.” – Luis Corrons, Technical Director of PandaLabs
The Rukap.G backdoor Trojan, designed to allow attackers to take control of a computer, and the Dadobra.Bl Trojan were also among the most prevalent malicious code.
2008 Top Ten E-mail Malware
- Netsky.P.worm
- Bck/Rukap.G
- Exploit/iFrame
- Trj/Dadobra.BL
- Generic Malware
- Trj/Downloader.PSJ
- Trj/SpamtaLoad.DO
- Trj/Downloader.PWR
- Bck/Haxdoor.PL
- Trj/Spamtaload.DZ
And finally, if you were wondering where all this crap comes from, PandaLabs reports that much of this spam was circulated by the extensive network of zombie computers controlled by criminals. A zombie is a computer infected by a bot, a type of malware allowing cyber criminals to control infected systems. Frequently, these computers are used as a network to drive malicious actions such as the sending of spam. Just in the last three months of the year, 301,000 zombie computers were being put into action every day.