Report: Cyberspace Becoming More Malicious

Online security company MessageLabs found that more than three-quarters of the e-mail messages it scanned in May were spam, an increase of 3.3 percent over the previous month, said Mark Sunner, MessageLabs' chief security analyst.

That number is not surprising given that one out of every 170 messages was found to contain some kind of malicious code, and 90 percent of that code is botware, which turns computers into spam-sending zombies, he added.

As the volume of unsolicited and often malicious e-mail steadily grows, a turf war is being fought behind the scenes by rival worms competing to build massive botnets.

Numerous variants of the Storm worm dominated the botnet underworld for 18 months until Microsoft's Malicious Software Removal Tool suppressed them earlier this year. But Storm has been replaced by another fast-changing Trojan -- Srizbi -- that now accounts for 40 percent of all spam, Sunner said.

"Srizbi is the new game in town," he said. "But Storm seems to be fighting back. We've intercepted two big waves."

Several new iterations of Storm have been found, but they do not appear to be producing spam yet, Sunner said. He predicted that it was only a matter of time before Storm botnets become established with the command and control networks needed to begin operating again.

For its intelligence report on online threats for May, MessageLabs scanned 2.5 billion Simple Mail Transfer Protocol connections and 1.5 billion Web requests each day.

The public sector ranked 15th in the amount of spam received, at 75.7 percent. The manufacturing sector was No. 1, with about 85 percent. But the public sector ranked third in the amount of malware in incoming traffic: one in every 107 messages, well above the overall average of one in every 170 messages.

"Government is a prominent target for malware" because of the amount of sensitive and valuable information available in electronic files and databases, Sunner said.

He said the increase in the overall level of malicious code in messages is disturbing. "In the year 2000, it was one in 2,500 and one in 1,500 in 2003," he said.

The increase in malware coincides with the growth of spam as a large-scale commercial enterprise linked to phishing and identity theft. That development, in turn, is tied to the adoption of broadband Internet connections in this country, which began taking off in 2003.

One of the newest wrinkles in spamming is to take advantage of free online document services.

"The spammers are starting to abuse some of the hosted document formats," such as Google Docs and Microsoft's SkyDrive free online storage, Sunner said. The spam e-mail simply has a link to an online document that contains the message. "E-mail filters don't follow links," he said, and they aren't likely to block messages from trusted names such as Google and Microsoft. The services also have the advantage of large amounts of bandwidth, so they are not likely to be swamped by blasts of spam.

Fortunately, as more security is moved into the fabric of the Internet, service providers will be better able to protect users from unwanted and malicious traffic, Sunner said. Unfortunately, it looks like there will be more of that traffic to protect us from.

About the Author

William Jackson is the senior writer for Government Computer News (