Record levels of virus-laden spam emails hit the internet in the
third quarter following a six-month surge in total spam, says
Google.
Postini, which looks after Google's email security and
archiving, blocked more than 100 million viruses every day during
the attack.
Google's daily email traffic now totalled more than three
billion emails to more than 50,000 businesses and 15 million
business users, the firm said today in its
spam report for Q3 2009.
Most (55%) of the viruses were contained in messages such as
fake notices of underreported income from the IRS. One-third were
fake package tracking attachments, which were already on the rise
in Q2, it said. The attacks dwarfed the Storm virus attack, which
held the record until now, Google said.
Google said it took only a very few victims opening the fake notices
for the spammers to add hundreds of computers to their botnets
every day.
Google said Real Host, a large Latvian ISP, was disconnected by
upstream providers on 1 August, following concerns over spam. This
did not have the same drastic effect as
McColo (last November), but it was comparable to the 3FN ISP
take-down earlier this year, Google said in a blog post.
There was an initial 30% drop in overall spam traffic followed
by a quick resurgence as the spammers moved to alternative servers,
it said.
Overall spam levels remained steady at about 90% of total
message volume, down from the Q2 average of around 95%, and level
with Q3 2008.
However, message sizes were growing, Google said. This was due
to a resurgence in old techniques such as image spam and payload
viruses. The number of spam bytes processed per user more than
doubled (123%) in Q3 2009 over Q3 2008.
The extra bytes would affect enterprises' bandwidth, especially
if they processed spam inside their networks, it said. If the trend
continued, some firms might have to increase their network
bandwidth to cope.
Google said organisations were wrong to include their own
domains in their lists of approved senders. This made it easy for
spammers to spoof email addresses to make messages appear as if
they were sent by fellow employees.
Legitimate mail from within the "home" domain would be correctly
identified by filters and would generally get through, it said.
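
The approved-sender problem described above, as an added example that is not from Google's report or the original article: the From header is chosen by the sender, so an approved-senders entry for the organisation's own domain lets outside mail that claims that domain skip filtering. The domains, addresses, internal network range and sample messages are constructed, and the matching rule (full address or bare domain) is an assumption about how such a list is applied.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# All values below are constructed for illustration.
HOME_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_SENDERS = ["partner.example.net", "example.com", "billing@supplier.example.org"]

# (connecting client IP, raw message) pairs as a mail gateway would see them.
INBOUND = [
    ("10.0.0.5", "From: Alice <alice@example.com>\nSubject: minutes\n\nhi"),
    ("203.0.113.7", "From: Payroll <payroll@example.com>\nSubject: notice\n\nopen"),
    ("198.51.100.9", "From: Bob <bob@partner.example.net>\nSubject: quote\n\nhi"),
    ("203.0.113.8", "From: x <promo@bulk.example.org>\nSubject: offer\n\nbuy"),
]

def domain_of(entry):
    """Domain part of an address, or the entry itself if it is a bare domain."""
    return entry.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def is_home(domain, home_domains=HOME_DOMAINS):
    """True for a home domain or any subdomain of one."""
    return any(domain == h or domain.endswith("." + h) for h in home_domains)

def home_entries(approved, home_domains=HOME_DOMAINS):
    """Approved-sender entries that name one of the organisation's own domains."""
    return [e for e in approved if is_home(domain_of(e), home_domains)]

def allow_listed(from_addr, approved):
    """True if the From address matches an entry by full address or by domain."""
    addr = from_addr.lower()
    return any(addr == e.lower() or domain_of(addr) == e.lower() for e in approved)

def spoofed_bypasses(inbound, approved):
    """From addresses that claim a home domain, arrive from outside, and skip filtering."""
    hits = []
    for client_ip, raw in inbound:
        from_addr = parseaddr(message_from_string(raw)["From"])[1]
        external = not any(ipaddress.ip_address(client_ip) in n for n in INTERNAL_NETS)
        if external and is_home(domain_of(from_addr)) and allow_listed(from_addr, approved):
            hits.append(from_addr)
    return hits

if __name__ == "__main__":
    print("home-domain entries:", home_entries(APPROVED_SENDERS))
    print("spoofed mail skipping the filter:", spoofed_bypasses(INBOUND, APPROVED_SENDERS))
    cleaned = [e for e in APPROVED_SENDERS if e not in home_entries(APPROVED_SENDERS)]
    print("after removing them:", spoofed_bypasses(INBOUND, cleaned))
```

With the home-domain entry removed, the externally sent message claiming `payroll@example.com` goes through normal filtering like any other inbound mail.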