Rustock remains the most dominant botnet, with more than 44 billion spam emails per day
Spam from botnets accounted for 88.2% of all spam and the average spam levels in 2010 increased by 1.4% and reached 89.1%, compared with spam levels in 2009, according to a report from Symantec.
The spam rates increased at 92.2% in August 2010 when the Rustock botnet was aggressively seeded by new malware variants and was put to use, lending to an overall increase in spam activity for the year.
The report, MessageLabs Intelligence 2010 Security Report, revealed that by the end of 2010 a reduction in the contribution of botnets to spam, to 77% of spam, resulting from the closure of spam affiliate, Spamit, in early October 2010.
However, by the end of 2010, the number of active bots remained same as at the end of 2009, increasing 6% in the latter half of 2010.
The analysis also revealed that the total number of botnets worldwide is between 3.5 and 5.4 million.
The report predicted that in 2011 botnet controllers will resort to employing steganography techniques to control their computers, by hiding their commands in plain view perhaps within images or music files distributed through file sharing or social networking webites.
This approach will allow criminals to surreptitiously issue instructions to their botnets without relying on an ISP to host their infrastructure thus minimising the chances of discovery.
Although 2010 has experienced fluctuation in the number of botnets and their associated output, the top three botnets have not changed in the latter half of 2010.
Rustock remains the most dominant botnet, with its spam output having more than doubled since last year to over 44 billion spam emails per day and more than one million bots under its control while Grum and Cutwail are the second and third largest respectively.
Cutwail and Grum have also been responsible for an increase in the volume of malware being sent in spam from botnets.
The report revealed that one noteworthy security threat in 2010 was the ‘Here You Have’ virus which on September 9, 2010 used old mass-mailer techniques to send malicious emails, peaking at 2,000 emails blocked per minute.
For 2010, the average number of new malicious websites blocked each day rose to 3,066 compared to 2,465 for 2009, an increase of 24.3%.
The annual average global spam rate was 89.1%, an increase of 1.4% on the 2009.
Further, in August, the global spam rate peaked at 92.2% when the proportion of spam sent from botnets rose to 95% as a new variant of the Rustock botnet was seeded and quickly put to use.
The average rate for malware contained in email traffic in 2010 was 1 in 284.2 emails (0.352%) almost unchanged when compared with 1 in 286.4 (0.349%) for 2009.
There were 339.673 different malware strains identified in the malicious emails blocked, which represents more than a hundred-fold increase over 2009 and is due to growth in polymorphic malware variants.
In 2010, the average ratio of email traffic blocked as phishing attacks was 1 in 444.5 (0.23%), compared with 1 in 325.2 (0.31%) in 2009 and approximately 95.1 billion phishing emails were projected to be in circulation in 2010.