Implications of increasing malicious spam

Recent data from the Symantec monthly spam report suggests that the percentage of spam containing malware has increased. In September 2009, an average of 1.3 percent of all spam messages contained malware. Compared with August 2009, this equates to a ninefold month-on-month increase in the number of messages containing malware. The number of messages containing malware actually hit a peak of 4.5 percent of all spam at one point during September.

While the single-digit increase may seem relatively small at first, the consequences of this rise are quite significant when you consider that 86.39 percent of all email messages in September 2009 were spam.

Additional implications include:

1. An increase in attached malware contributed to an increase in the average spam message size. From the spam attack vectors chart below, an increase in attachment spam can be observed in September 2009. Also in September, spam messages with a size greater than 10k increased by 5 percent, while spam messages that had an average size between 0-2k dropped by 7 percent. Larger messages place a significant burden on IT resources and can delay the delivery of legitimate messages to their intended users.

2. Over the past year, a number of ISPs have been taken offline for hosting botnet activity. For example, at approximately 21:30 GMT on November 11, 2008, multiple upstream network providers shut down access to McColo.com hosted systems, based on abuse complaints. One of the results of this action was a quick and dramatic decrease in spam sent worldwide. While spam levels have recovered, the distribution of malware and the possible infection of some machines enable a shift in botnet activity to take place as various botnets fight for position.



