Is new spam scourge coming, as botmasters repopulate networks?
Have you noticed a decline in spam reaching your inbox? Sadly, the respite won't last long. More spam is coming your way.
Today, McAfee Labs released its First Quarter 2011 Threat Report, and there's good news. Spam volumes are considerably lower, thanks to some significant law enforcement victories. Among them: In March, law enforcement, working with Microsoft, took down the Rustock botnet and with it a big chunk of the zombie/bot population.
But that little tick up at the end of the curve in the chart above is the sign of botmasters repopulating their networks. "Many botnets are in position to fill the gap left by Rustock's decline," according to the report. "Aside from sending spam, botnets can control a variety of cybercrime -- such as denial-of-service attacks, malware distribution and installation, and hosting phishing sites. Thus the information security community must remain vigilant."
McAfee highlights other trends that also are not good. One of the more mature areas in malware is banking Trojans, which for some time have been dominated by implementations of Zeus. These programs log keystrokes and steal whatever other data they can glean off the system.
This quarter both Zeus and Trojans based on the SpyEye kit are sending out similar lures for other types of organizations: the U.S. Postal Service, UPS and the Internal Revenue Service, among others.
SpyEye has taken the lead since Zeus development ended recently. Among its impressive new features are:
- Spreading via USB thumb drives
- Spreading via chat/instant messaging
- Capturing credit card numbers during an online transaction
- Grabbing Firefox certificates
- Spoofing HTTP and HTTPS content (for capturing and modifying online banking websites)
- Launching DDoS attacks against a target using SYN or UDP floods
- A diagnostic tool for SpyEye developers to gather remote debugging information from clients
Don't be surprised if, in three months, the next McAfee quarterly security report shows bot levels moving back up, but I think over the long term things will tend to get better. Security tools are getting better in ways that will make protection stronger and more than strong enough, at least for users who care enough to make sure they have it.
Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contributing Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.