Spam – More Dangerous than Ever Before
A New AV-TEST Study: Dangerous Spam E-Mails.
By using botnets, spammers are able to send millions of spam e-mails every day. The test institute AV-TEST from the German city of Magdeburg recently carried out an 18-month-long study in which it collected and evaluated over half a million spam e-mails before coming to the conclusion that the risk posed by spam is higher than ever.
Although the USA was the country of origin of most of the spam e-mails with attachments recorded in the study, these messages contained fewer dangerous elements than those from other countries. Virtually all of the mails sent from India or Vietnam also carried malware, while only 10 percent of the e-mails with attachments sent from Germany were infected.
Figure: Spam E-Mails with Attachments Sorted According to Countries
Figure: The Top Ten Infected E-Mail Attachments
Over 500,000 Spam E-Mails in the Laboratory Analysis
AV-TEST investigated a total of 550,000 e-mails that had been classified as spam prior to the analysis. Nearly 14,000 of these e-mails were infected, which corresponds to approx. 2.5 percent of the total number of e-mails analysed.
The institute used 90 monitored e-mail accounts to collect the spam e-mails for the study. Some of these addresses were published in forums and competition entries, which served as a kick-off point: just a short while later, dozens of e-mails were arriving in the accounts every day.
A Multitude of Infected Attachments
A good 30,000 of the 550,000 spam e-mails analysed in the study contained an attachment, and over 10,000 of these attachments, namely slightly more than 30 percent, were infected with malware. 400,000 of the e-mails contained website addresses (URLs) alongside their content text. Nearly 1 percent of the links found in these mails with URLs led users directly to websites infected with malware, while the others were mostly fraudulent offers for counterfeit products such as pharmaceuticals.
The majority of the infected e-mail attachments involved the classic examples used for spam attacks, namely zip files, HTML documents and executable EXE, COM, SCR, BAT or PIF files. PDF files and images also continue to be used as popular infected objects. The study proved that almost all spam e-mails containing zip files are infected. This also applies to executable files such as EXE or PIF files, while over 80 percent of the HTML documents attached to spam e-mails in the study were infected.
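The attachment types named above map directly onto a mail-gateway triage rule. The following Python sketch is an added example, not code from AV-TEST or the study; the verdict names, the ".htm" variant and the one-level look inside zip archives are assumptions that go slightly beyond the list in the text, and the sample message is constructed with harmless placeholder attachments.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment types the study names as the classic infected carriers.
EXECUTABLE_EXT = {"exe", "com", "scr", "bat", "pif"}
MARKUP_EXT = {"html", "htm"}  # "htm" is an added assumption

def extension(filename):
    name = (filename or "").strip().rstrip(".")  # last extension wins
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def triage_attachments(raw_message):
    """Return (filename, verdict, reason) for each attachment in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = extension(name)
        payload = part.get_payload(decode=True) or b""
        verdict, reason = "allow", "type not on the high-risk list"
        if ext in EXECUTABLE_EXT:
            verdict, reason = "block", "executable attachment"
        elif ext == "zip" or payload[:4] == b"PK\x03\x04":
            verdict, reason = "quarantine", "zip archive"
            try:  # look one level inside for executable members
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    inner = [n for n in zf.namelist() if extension(n) in EXECUTABLE_EXT]
                if inner:
                    verdict, reason = "block", "archive contains " + inner[0]
            except zipfile.BadZipFile:
                reason = "unreadable zip archive"
        elif ext in MARKUP_EXT:
            verdict, reason = "quarantine", "HTML attachment"
        results.append((name, verdict, reason))
    return results

def build_sample():
    """Constructed sample message; attachments are harmless placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.scr", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg.set_content("constructed body text")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment("<html></html>", subtype="html", filename="form.html")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()
```

Calling `triage_attachments(build_sample())` blocks the archive because of its `.scr` member, quarantines the HTML file and allows the plain-text note.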
Indian Spam Is Always Dangerous
Although most of the spam e-mails containing attachments analysed in the study came from the USA, only 15 percent of these were actually infected with malware. Attachments in e-mails sent from India, on the other hand, had an infection rate of 78 percent during the study, closely followed by e-mails with attachments from Vietnam with a rate of 77 percent.
Half of the 30,000 spam e-mails with attachments recorded in the study came from the USA, China, India and even Germany. The spam with attachments from Germany was, however, less dangerous, with only 10 percent of the e-mails also carrying malware.
25 Percent of Spambots Are Located in Offices
The study recorded the number of spam e-mails received on each day of the week and then carried out a final analysis after a period of 18 months. The results of the test showed that the amount of spam sent remained extremely consistent from Monday to Friday before reducing to 25 percent at the weekend, namely on Saturday and Sunday. The study therefore proves that 25 percent of all spambots are located in offices, where they are switched off at the weekend. The amount of spam sent then rises again immediately on the following Monday.
The analysis of the spam e-mails according to the months in which they were received did not reveal any particular concentration. It only showed that the highest infection rate among the e-mails sent was recorded in July and August, but this did not indicate any sort of pattern.
Botnets – Active & Malicious
Virtually all spam e-mails are sent via PCs that are remotely controlled, unnoticed by their owners, as part of botnets. The e-mails therefore always have different sender IPs, which makes it difficult for providers to identify suspicious messages according to their IP addresses.
When PCs infected by controlling Trojans are used, the infection remains perfidiously inconspicuous to their users. After all, these users are not supposed to notice that somebody else is using their computer to send e-mails. The size of botnets also varies significantly. The networks deactivated in recent years contained a total of between 1 and 10 million controlled PCs. Although these computers were never all online at the same time, it only takes a few hundred thousand PCs to be able to send a multitude of spam e-mails in a very short time.
“Am I part of a botnet?” – Online Checks for Your PC!
The German Federal Office for Information Security has set up the website www.botfrei.de in cooperation with the Association of the German Internet Industry. This website contains a multitude of links to manufacturer sites that can be used to check whether PCs belong to a botnet.
Anti-Virus Software Protection
Using an up-to-date protection program on a computer virtually excludes the possibility that a malicious botnet can take control of the PC. Such protection programs prevent this by using their scanners to identify rootkits and Trojans, the two favourite tools used by botnet operators. You can read about the latest tests carried out on the best protection programs for free at any time by visiting www.av-test.org.