Botnet Warning As Spammers Prep For Holiday Season

Security expert are warning that new botnets are on the way after recording a rise in virus activity in the third quarter

Users are being warned to be viligant after security researchers said that spammers are firing off large amounts of malware-laden spam in order to build up new botnets, just in time for the holiday season.

The Google Postini Services team analysed spam and virus data collected during the third quarter by Google’s security and archiving services, powered by Postini. The results, posted on the Google Enterprise Blog, found an abnormally high volume of virus activity in August while overall spam dropped July to September after several botnets were shut down.

Alarming Rise

There was a 241 percent increase in virus volumes in August over July and nearly double the volume from August 2009, wrote Adrian Soghoian and Adam Hollman. In comparison, spam volume was relatively constant during the quarter, with dips in August and September, according to the post. Virus activity was also high – 188 million viruses were blocked in a single day, a record – noted the researchers.

August also had the greatest recorded surge in viral activity since 2008, far surpassing October 2009 when Mega-D infected more than 250,000 computers worldwide before being shut down, Soghoian and Hollman wrote.

Readying Botnets

The recent increase in viral activity could be a sign that spammers are building new botnets by taking over more computers, just in time for the holiday sales and increased online shopping, speculated the researchers. Consumers will be looking for deals and discounts and shopping more online, and may be particularly vulnerable to shopping-related scams.

Security researchers have often seen a correlation between spam, malware campaigns and seasonal consumer spending patterns, according to the post.

The researchers said the scammers continue to use familiar tactics, including spoofing major brands, celebrity gossip and fake financial transactions in their virus-laden messages. There was a new tactic, where previously sent emails were taken from the hard drives of infected computers and resent, fooling many recipients because the wording and content is familiar.

Other malware trends in September included an increased number of .zip and .html attachments containing malicious JavaScript code, and shortened URLs linking back to malicious websites. Spammers take advantage of users getting used to seeing URLs that mask the final website address on their social networks and trick them into clicking harmful links.

There was also an upswing in the number of Non-Delivery Report/Receipt messages with malicious JavaScript embedded, the post said. As a “hybrid” between virus and spam messages, these attacks directed users to a malware site or stealthily downloaded software in the background.

“As always, be on the lookout for suspicious email language and exercise extreme caution when clicking on links,” cautioned the post.