Malware-laden spam comes roaring back

One security firm sees a massive jump in malicious spam, fueling concerns that bot operators are bouncing back

A number of high-profile takedowns have whacked spammers this year. Now, a surge in spam carrying malicious exploits has researchers worrying that spammers have been successfully rebuilding their networks.

Earlier this week, M86 Security noted a significant spike in the proportion of spam carrying malicious attachments. Overall, the volume of spam messages has only slightly increased, but nearly a quarter of those messages are carrying attachments capable of infecting an end-user's computer, the company said. That's up from the typical single digits; for example, the last time M86 Security noted an increase in malicious attachments, in April, less than 7 percent of messages carried infectious programs.

"This is an epic amount of malicious spam," writes Rodel Mendrez, a threat analyst with M86 Security. "After multiple recent botnet takedowns, cyber criminal groups remain resilient, clearly looking to build their botnets and distribute more fake AV in the process."

In the past year, efforts by Microsoft and others resulted in the shuttering of two botnets: Waledac and Rustock. U.S. law enforcement spearheaded an effort to shut down the Coreflood botnet. And authorities in Spain and other European nations have hampered the operations of a Mariposa-based botnet.

Experts cited the takedowns as the reason for a surge in malicious spam in April; M86 Security is now seeing three times as much malicious spam as it did then. The majority of the malicious spam comes from the Cutwail botnet, the company said, though it added that two other botnets, Festi and Asprox, contributed to the rise.

One reason for the timing of the surge could be that spammers and bot operators are seeking to take advantage of summer vacationers, says Ed Rowley, product manager for M86 Security.

"You have a lot more people who are opening up email at home; perhaps their guard is down because they are on holiday," he says. "They are not protected by corporate gateways, so they are probably less well protected than they are at work."

This story, "Malware-laden spam comes roaring back," was originally published at InfoWorld.