Botnet Blight: Hacked PCs Create 83.2% of Spam

Spammers continue to innovate, grow and become more sophisticated, with their networks of spam-spewing compromised PCs now accounting for an overwhelming majority of all spam on the Internet.

In a new report, Symantec’s MessageLabs unit reported that botnets now account for 83.2 percent of all spam, and that a recent crackdown still shows that bot technology is improving.

Whereas the shutdown of bot-friendly ISP McColo severely disrupted the Srizbi botnet, the report from MessageLabs Intelligence noted that the Pricewert ISP shutdown by the Federal Trade Commission knocked out the Cutwail botnet only briefly.

“The fact that the [Cutwail] botnet was able to recover after only a few hours highlights the progress that spammers have made since November’s McColo shutdown,” the report said. “Clearly, spammers have learned the importance of having a backup for their command-and-control channels.”

The FTC’s hit on Cutwail had been aimed at taking out what’s considered the top spam botnet, according to the report — accounting for 45.8 percent of all spam in June, a total of 75,115,721,081 messages each day.

The report estimated that Cutwail is also the largest botnet, comprising between 1.4 million and 2.1 million compromised PCs before the FTC stepped in.

“Without a doubt, [Cutwail is] the biggest botnet around,” the report said, adding that the botnet is also one of the major distributors of Acai berry spam, described by MessageLabs Intelligence as “among its larger spam runs.”

The report also noted that upstart Darkmailer, with about 1,000 PCs, ran its bots the hardest in June, sending 590 spam messages per compromised PC per minute.

The report said that in addition to compromised PCs, spammers are using cracked Webmail accounts. It said that some use CAPTCHA-breaking technology to harvest Webmail accounts mechanically, but others use humans, advertising the work as a data processing job and paying workers two or three dollars per 1,000 accounts created. The report said that criminals can sell those accounts for $30 to $40 per 1,000 accounts.

Other warnings

The report warned that malware is being specially designed to attack health care IT. It said that e-mail-borne malware attacks against the health care IT sector, which represent only part of the total number of attacks, have more than doubled since the start of 2009.

MessageLabs also warned that malware over IM is due to increase, and predicted that one in 80 IM users may expect to receive a malicious IM each month in 2009.

The report said that spammers are sending images that contain the URL of malware sites. Image spam now accounts for between 8 and 10 percent of spam intercepted by MessageLabs, the report said.

In geographical data, France saw the most rapid rise in spam as a percentage of e-mail in June, and Australia was the nation with the highest virus rate in e-mail. The latter finding correlates with a recent report from Finjan, which said that hacked accounts in Australia are the most valuable on one criminal network, where they sell for $100 per thousand accounts.
