Spammers Retool for Renewed Assault

The botnets responsible for so much spam appear to be in a rebuilding phase, but any respite is likely to be brief and new threats loom on the horizon, according to e-mail security firm MX Logic.

"Over the long haul, there is no reason to think that the decline is going to continue," said Sam Masiello, MX Logic's vice president of information security.

Botnets are networks of compromised computers, remotely manipulated through control servers without the knowledge of their legitimate users. They can be used to distribute malicious code to compromise other computers, launch denial-of-service attacks against online resources and harvest sensitive information. Spam probably is the most visible product of these botnets, however.

Spam volumes took a sharp dive in November with the shutdown of McColo, a hosting company based in San Jose, Calif. that was identified as the source of a lot of unwanted e-mail messages. Since then the volume has been coming back up, although MX Logic observed a small drop in February. The percentage of spam dipped slightly in February to 83 percent of all e-mail traffic, down from 85.2 percent in January. Total volume of spam decreased by about 5 percent over that time.

"The bot masters are trying to build their botnets back up," Masiello said. "There is a lot of variance even on a daily basis on how much spam is being sent and received."

Several significant new botnets have appeared, including Xarvester, Waledac and Donbot. But the darkest cloud on the horizon appears to be Conficker, a rapidly growing network currently estimated at 12.5 million nodes that so far has been relatively dormant.

"It's just sitting there," Masiello said. It appears to be building up its resistance with new malware variants updating the nodes in an effort to make it more difficult to track command and control communications with servers. "At this point they are trying to find a way to build a botnet that is more resilient," so that when it is activated it cannot be easily shut down. "It's very scary."

How it might be used is anyone's guess at this point, but spam is a likely possibility. In that case, "we could easily be at or exceed pre-McColo levels," Masiello said.

Another possible threat is the use of stolen personal data to create well-targeted spam campaigns. Data breaches continue to occur with millions of personal records being exposed on an almost monthly basis.

"They are likely going to be used for ID theft, mostly," Masiello said. But the data also could be used to tailor fraudulent e-mails that could be convincing enough to entice even wary recipients to visit malicious Web sites or download malicious code.

Targeted spam that is crafted for a particular recipient is a growing problem. Because it can have a more legitimate look and feel, it is likely to have a higher success rate than traditional mass mailings that can be more easily identified and blocked or avoided. But that does not mean that mass mailings are likely to disappear or even decrease.

"The spam model is an almost pure profit model," Masiello said. The overhead of sending out large volumes is so small that even a tiny fractional response rate can produce a profit.

So although the number of targeted spam e-mails is likely to increase, there is no reason to think the mass mailings will shrink, and all of the standard precautions such as not opening unexpected attachments and not clicking on links will continue to apply in the foreseeable future.

About the Author

William Jackson is the senior writer for Government Computer News (


  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

  • Kaspersky Lab Nabs Another Windows Zero-Day

    Kaspersky Lab this week described more about a zero-day Windows vulnerability (CVE-2019-0859) that its researchers recently discovered, and how PowerShell was used by the exploit.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.