Record levels of virus-laden spam emails hit the internet in the third quarter following a six-month surge in total spam, says Google.
Postini, which looks after Google's email security and archiving, blocked more than 100 million viruses every day during the attack.
Google's daily email traffic now totalled more than three billion emails to more than 50,000 businesses and 15 million business users, the firm said today in its spam report for 3Q09.
Most (55%) of the viruses were contained in messages such as fake notices of underreported income from the IRS. One-third were fake package tracking attachments, which were already on the rise in Q2, it said. The attacks dwarfed the Storm virus attack, which held the record until now, Google said.
Google said it took only a very few victims opening the fake notices for the spammers to add hundreds of computers to their botnets every day.
Google said Real Host, a large Latvian ISP, was disconnected by upstream providers on 1 August, following concerns over spam. This didn't have the same drastic effects as McColo (last November), but it was comparable to the 3FN ISP take-down earlier this year, Google said in a blog post.
There was an initial 30% drop in overall spam traffic followed by a quick resurgence as the spammers moved to alternative servers, it said.
Overall spam levels remained steady at about 90% of total message volume, down from the Q2 average of around 95%, and level with 3Q08.
However, message sizes were growing, Google said. This was due to a resurgence in old techniques such as image spam and payload viruses. The number of spam bytes processed per user more than doubled (123%) in 3Q09 over 3Q08.
The extra bytes would affect enterprises' bandwidth, especially if they processed spam inside their networks, it said. If the trend continued, some firms might have to increase their network bandwidth to cope.
Google said organisations were wrong to include their own domains in their lists of approved senders. This made it easy for spammers to spoof email addresses to make messages appear as if they were sent by fellow employees.
Legitimate mail from within the "home" domain would be correctly identified by filters and would generally get through, it said.
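
The approved-sender mistake described above can be checked for mechanically. The following is an added example, not taken from Google's report: it assumes a hypothetical home domain `example.com`, a constructed approved-sender list, and a filter that matches entries against the claimed From address (the helper names are illustrative).

```python
from email.utils import parseaddr

OWN_DOMAINS = {"example.com"}   # assumption: the organisation's "home" domain
APPROVED = [                    # constructed approved-sender list
    "partner.example.net", "*.example.com",
    "billing@supplier.example.org", "Example.com", "ceo@mail.example.com",
]

def entry_domain(entry):
    """Domain covered by an entry: bare domain, wildcard, or full address."""
    e = entry.strip().lower()
    if "@" in e:
        e = e.rsplit("@", 1)[1]
    return e.removeprefix("*.").lstrip(".")

def covers_own_domain(entry, own_domains):
    """True if the entry approves the home domain or one of its subdomains."""
    d = entry_domain(entry)
    return any(d == own or d.endswith("." + own) for own in own_domains)

def audit(approved, own_domains):
    """Entries that should be removed from the approved-sender list."""
    return [e for e in approved if covers_own_domain(e, own_domains)]

def is_approved(from_header, approved):
    """Approved-sender check keyed on the From header, which the sender controls."""
    addr = parseaddr(from_header)[1].lower()
    domain = addr.rsplit("@", 1)[-1]
    for entry in approved:
        e = entry.strip().lower()
        local = e.rsplit("@", 1)[0] if "@" in e else ""
        if local:                       # full-address entry: exact match only
            if addr == e:
                return True
        else:                           # domain entry: domain and subdomains
            d = entry_domain(e)
            if domain == d or domain.endswith("." + d):
                return True
    return False

# Constructed inbound messages, both arriving from outside the organisation.
SPOOFED = "Payroll <payroll@example.com>"       # forged colleague address
PARTNER = "Accounts <accounts@partner.example.net>"

if __name__ == "__main__":
    flagged = audit(APPROVED, OWN_DOMAINS)
    cleaned = [e for e in APPROVED if e not in flagged]
    print("remove from approved senders:", flagged)
    print("spoof bypasses filter before:", is_approved(SPOOFED, APPROVED))
    print("spoof bypasses filter after: ", is_approved(SPOOFED, cleaned))
    print("partner still approved:      ", is_approved(PARTNER, cleaned))
```

With the home-domain entries removed, the forged message is no longer waved through and goes to normal filtering, while the partner entry keeps working.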