Commtouch, which specialises in combating Internet fraud, has released its 2Q08 Email Threats Trend Report. Based on the automated analysis of billions of email messages weekly, Commtouch's report examines recent trends in email threats, especially the role of millions of dynamic zombie computers actively sending spam and malware every day.
Highlights of the report include:
- top domains with the most infected machines (aka zombies) are Telecom Italia, Brasil Telecom, and Verizon;
- spam levels throughout 2Q08 averaged 77%, ranging from a low of 64% to a peak of 94% of all email towards the end of the quarter;
- 10 million zombie IP addresses are active each day on average;
- Turkey is number 1 with 11% of all zombies. The USA drops to 9th place in the global ranks of zombies;
- pharmaceutical spam is the most popular topic, comprising 40% of all spam;
- phishing scams took advantage of the higher education community, as well as Google AdWords users;
- spammers experimented with vertical display in Chinese-language spam (I never did trust those Chinese horizontal types - Editor).
Amir Lev, Commtouch’s CTO and President, concludes: “Zombie networks or ‘botnets’ have become so enormous and agile, they are flooding email with increasingly malicious threats...Many technologies attempt to identify and block email from senders known for sending malicious content but they are not updated rapidly enough to keep up. By the time these lists are updated the threat has shifted to another set of zombies, leaving customers unprotected. On the one hand, ISPs have an obligation to protect their customers from unwanted email; however, they also have a responsibility to ensure that their customers are not a source of unwanted email by being part of these botnets.”
Commtouch states that: "its Recurrent Pattern Detection technology identifies and blocks email threats, including increasingly malicious malware and phishing outbreaks. Dynamic detection of zombie IPs provides effective protection against zombies, without causing high false positives."
Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering at the ISP level.
More info, including samples of spam and malware messages: