WikiLeaks and Mega-D Botnet Dominate December's Spam Landscape

03 Feb 2011
Virus News

Spammers exploited the global interest in Wikileaks throughout December, according to Kaspersky Lab's monthly spam report.

Kaspersky Lab's spam analysts registered several mass mailings, which called on users to spread WikiLeaks links in the name of democracy. Spammers also mentioned the WikiLeaks name in background noise texts to bypass spam filters. They were mostly quotes from material published on the site, or news about the portal itself. The word WikiLeaks was often inserted in links in another bid to evade the filters.

In December, India remained the single-most popular source for spam, accounting for almost 10 per cent of the total volume. Russia was in second place having overtaken Italy and Vietnam. Brazil completed the top five, accounting for more than 4 per cent of world spam. There was a significant drop in the amount of spam emanating from Western Europe, with 4.3 per cent coming from the UK, 2.2 per cent from France and 1.8 per cent from Germany. As was the case in November, most malware was detected in mail traffic received by users in India, Russia and Vietnam.

The legal war on botnets once again came to the fore in December with criminal proceedings being instigated in the USA with the case of Russian citizen, Oleg Nikolaenko, who is suspected of creating and running the Mega-D zombie network, also known as Ozdok. The botnet's infected machines were used to distribute partner spam containing adverts for medications and fake designer goods. It is claimed that at its peak the network's zombies could distribute up to 30-35 per cent of world spam.

"Spam is usually dominated by the Christmas and New Year holiday theme in December, but in 2010 it had to share the limelight with WikiLeaks, which once again underlines just how serious the scandal surrounding the website was at the end of the year," commented Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab.

"Immediately before the start of the holidays we witnessed a dip in the amount of spam. This is a seasonal phenomenon – at the end of the year the amount of spam mailings always falls off because a lot of the infected botnet computers are switched off. As for the case of Mr. Nikolaenko, it demonstrates yet again the need to introduce tougher anti-spam laws in Russia. As it stands, one of the major players in the spam business faced no charges in his own country because of shortcomings in the spam legislation," Namestnikova concluded.

The full version of the spam report for December 2010 is available at www.securelist.com/en.