MessageLabs Intelligence March and Q1 2008: Storm Botnet Responsible for One Fifth of All Spam and Targets Male Insecurities

MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for March 2008. Analysis highlights that the prolific Storm botnet is responsible for 20 percent of all spam in the first quarter of 2008, with messages selling male enlargement drugs accounting for 41 percent of its efforts. In addition to spam, MessageLabs has intercepted more than four million emails from the Storm botnet since January containing links to malware or aimed at launching phishing attacks.

"Storm celebrated its first birthday at the start of the year and commemorated the anniversary with a significant run of nostalgic spam. More than 78 percent of the spam it spewed out this quarter was either focused on male enlargement drugs, replica watches or spam of a sexual nature," said Mark Sunner, Chief Security Analyst, MessageLabs. "Storm's focus on spam seems to be just the tip of the iceberg as emails containing malware and phishing attacks from the Storm botnet are now growing in numbers."

Other nostalgic events within the spam landscape this month include the appearance of stick-man art within a new image-spam campaign. The amateur-looking artwork, advertising the weight loss drug Hoodia, is the first of its kind and although the spam run looks the same, the images and subject lines frequently change in order to evade traditional signature detection.

MessageLabs Intelligence also highlights the change in the perception of social networking sites within the business environment with 11 percent of companies now blocking access specifically to Facebook compared to three percent who have pro-actively set up rules to allow access.

"Businesses are now becoming wise to the possible impact of social networking and pro-actively raising their defense barriers against data loss, threats and employee productivity," Sunner said. "Moreover, the possibility of spoofing Facebook accounts is no longer an impossible notion and may be the next major aspect in identity theft."

Other report highlights:

Web Security: Analysis of Web security activity shows 9.2 percent of all web-based malware intercepted was new in March. MessageLabs also identified an average of 595 new sites per day harboring malware and other potentially unwanted programs such as spyware and adware.

Spam: In March 2008, the global ratio of spam in email traffic from new and previously unknown bad sources was 73.8 percent (1 in 1.36 emails), an increase of 1.1 percent on the previous month. Spam levels for Q1 2008 are 1.1 percent lower than Q4 2007 and 3 percent lower than Q1 2007, but 14.1 percent higher than the same period in 2006.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was 1 in 169.2 emails (0.59 percent) in March, a decrease of 0.36 percent since the previous month. Virus levels for Q1 2008 are 0.72 percent higher than for Q4 2007 and 0.06 percent lower than Q1 2007. Virus levels are 1.47 percent lower than the same period in 2006.

Phishing: March saw a decrease of 0.57 percent in the proportion of phishing attacks compared with the previous month. One in 228.7 (0.44 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had fallen by 13.5 percent to 74 percent of all email-borne malware threats intercepted in March. Phishing levels for Q1 2008 are almost unchanged since Q4 2007. Compared with Q1 2007, phishing levels are 0.14 percent higher and 0.34 percent higher than Q1 2006.

Geographical Trends:

--  In March, spam levels in Switzerland rose by 6.15 percent since
    February, surpassing levels in Hong Kong where they fell by 0.76 percent
    during the same period.
--  Spam levels in the US were 70.7 percent in March, 69.1 percent in
    Canada and 61.1 percent in the UK.  Germany's spam rates reached 70.1
    percent and 68.6 percent in the Netherlands. Australia experienced levels
    of 61.3 percent, 66.8 percent in New Zealand, 68.8 percent in China and
    65.5 percent in Japan.
--  Virus activity fell across most regions in March, except in Austria,
    Italy and Sweden  where virus levels increased by less than one percent.
    The largest decrease occurred in Israel where virus levels fell by 1.2
    percent. Swizerland replaces Israel as the most targeted country for
    viruses even with a 0.54 percent decrease in virus levels.
--  Virus levels for the US were 1 in 245.1 and 1 in 180.3 for Canada. In
    the UK, virus levels were 1 in 137.7 and 1 in 255.6 for Germany.  In
    Australia, virus levels were 1 in 215.7, and Japan reached 1 in 257.4.

Vertical Trends:

--  Spam levels fluctuated across several industry sectors rose in March,
    with Manufacturing and Education being the top two verticals targeted with
    the highest levels of spam with 82.1 percent and 80.4 percent respectively.
    The greatest rise was noted in the IT Services sector, where spam levels
    rose by 4.6 percent to 79.9 percent.
--  Spam levels for the Retail sector were at 78 percent,  70.6 percent
    for Public Sector,  69.5 percent for Chemical/Pharmaceutical and 68.1
    percent for Finance.
--  Similarly, virus levels for many industry sectors decreased during
    March. Education was the exception where virus levels rose by 0.06 percent.
--  Virus levels for the the Finance sector were 1 in 231.5, 1 in 232.2
    for IT Services and 173.5 for Retail.