Spam Volumes Increase Again, Soon To Be Powered By At Least 10 Million Infected Conficker Bots
Spam levels are back to 80-90 per cent of their volumes prior to the takedown of the infamous junk mail-friendly ISP McColo in November 2008. Infections by the Conficker (Downadup) worm have peaked at around the 10m PC mark, and the infected systems are most likely to be abused to send spam.
Spam levels are up 4.9 percentage points since December 2008 to 74.6 per cent, reaching levels close to those prior to the McColo takedown, according to an analysis by MessageLabs published on Monday. The Mega-D (Ozdoc) botnet is making the largest single contribution to junk mail levels, sending more than 26m spam emails per minute. Cutwail (Pandex) remains the largest active botnet, with more than 1m active IPs this month. MessageLabs has yet to see any junk mail from machines compromised by the Conficker worm.
Variants of Conficker use a variety of methods to spread, including exploiting the MS08-067 vulnerability in the Microsoft Windows Server service, patched in October. Once it gets a foothold within a corporate network, Conficker is programmed to spread across the local area network. The worm also spreads between infected USB sticks and Windows PCs. Compromised Windows PCs are turned into drones in a botnet, programmed to phone home through a changing series of servers. The latest educated guess of the size of the botnet is 10m strong as of Friday, 23 January, 1m up on the 9 million of the week before.
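The "changing series of servers" the drones phone home through shows up on the defender's side as a burst of lookups for many different names that do not resolve. The following script is an added example, not code from the article, F-Secure or MessageLabs: it parses a constructed DNS resolver log (the four-column format is assumed for illustration) and flags clients whose failed lookups span many distinct names, while ignoring a host that simply keeps retrying one mistyped hostname. The threshold `min_distinct` is a placeholder tuned to the sample, not a value from the page.

```python
import re
from collections import defaultdict

# Constructed sample resolver log (not from the article). Assumed format:
# "<timestamp> <client_ip> <query_name> <rcode>"
SAMPLE_LOG = """\
2009-01-23T10:00:01 10.0.0.5 www.example.com NOERROR
2009-01-23T10:00:02 10.0.0.5 mail.example.com NOERROR
2009-01-23T10:00:03 10.0.0.9 qzkpwrtx.biz NXDOMAIN
2009-01-23T10:00:03 10.0.0.9 lmbvqoeh.info NXDOMAIN
2009-01-23T10:00:04 10.0.0.9 xtwpdkah.org NXDOMAIN
2009-01-23T10:00:04 10.0.0.9 rhjyukcq.net NXDOMAIN
2009-01-23T10:00:05 10.0.0.9 vbnqsdfe.com NXDOMAIN
2009-01-23T10:00:05 10.0.0.9 update.example.com NOERROR
2009-01-23T10:00:06 10.0.0.7 typo.exmaple.com NXDOMAIN
2009-01-23T10:00:06 10.0.0.7 typo.exmaple.com NXDOMAIN
2009-01-23T10:00:07 10.0.0.7 typo.exmaple.com NXDOMAIN
2009-01-23T10:00:08 10.0.0.7 www.example.com NOERROR
"""

# One line = exactly four whitespace-separated fields.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Yield (timestamp, client, qname, rcode) tuples; malformed lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groups()


def nxdomain_stats(text):
    """Per client: how many NXDOMAIN answers it got and which distinct names failed."""
    stats = defaultdict(lambda: {"nx_total": 0, "nx_names": set()})
    for _ts, client, qname, rcode in parse_log(text):
        if rcode == "NXDOMAIN":
            entry = stats[client]
            entry["nx_total"] += 1
            entry["nx_names"].add(qname.lower())
    return stats


def suspicious_clients(text, min_distinct=4):
    """Clients whose failed lookups cover at least `min_distinct` different names.

    Counting distinct names rather than raw failures keeps a host that retries
    one mistyped hostname out of the result; a bot walking a rotating list of
    rendezvous names fails on many different ones in a short window.
    `min_distinct` is an assumed threshold chosen for the constructed sample.
    """
    return sorted(
        client
        for client, entry in nxdomain_stats(text).items()
        if len(entry["nx_names"]) >= min_distinct
    )


if __name__ == "__main__":
    for client, entry in sorted(nxdomain_stats(SAMPLE_LOG).items()):
        print(f"{client}: {entry['nx_total']} NXDOMAIN over "
              f"{len(entry['nx_names'])} distinct names")
    print("flagged:", suspicious_clients(SAMPLE_LOG))
```

On the constructed sample only 10.0.0.9 is flagged: it fails on five different names, whereas 10.0.0.7 fails three times on the same typo and 10.0.0.5 never fails at all. On a real resolver log the same count should be taken per client per time window (say, an hour), and the threshold set from the site's normal NXDOMAIN baseline.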
That still leaves the huge problem of cleaning up infected systems, preferably before they are abused to send spam or for other malfeasance. The Conficker botnet remains dormant at the time of writing. F-Secure stresses that its latest estimate is at best an educated guess, because of a number of factors that make estimating the size of the botnet problematic.
Some countries are being more heavily hit by the zombie epidemic than others. China, Russia and Brazil account for 41 per cent of infected IP addresses, F-Secure reports. By comparison, only one in 100 infections stems from an infected machine in the United States.
The spam run seeks to promote websites while also seeking to validate email addresses for later, possibly more insidious, junk mail runs. The junk mail messages in this case do not themselves carry malware and do not point to malware-infected sites, at least not yet.
Conficker represents a return to the network worms such as Nimda, Sasser and Blaster. The reasons for the return of the problem after years of dormancy are unclear; perhaps writing network worms is simply hard work that requires professional coding skills.