Fraud Activity Trends

Originating Sources of Botnet Spam


This section discusses the top 10 sources of botnet spam in 2010. The nature of spam and its distribution on the Internet make it difficult to identify the location of the people sending it, because many spammers try to redirect attention away from their actual geographic location. In an attempt to bypass IP block lists, spammers use Trojans that relay email. This allows them to send spam from sites distinct from their location. To send large volumes of spam, spammers tend to take advantage of geographic areas with large networks of available broadband connections. This allows them to send out high volumes of spam through zombie connections at any time of the day.


The data for this section is based on the analysis of email traffic collected from MessageLabs Intelligence global honeypots and from the analysis of malicious and unwanted email traffic data submitted by customers. The analysis of phishing trends is based on emails processed by Skeptic™ and recorded after perimeter traffic shaping and botnet connection mitigation techniques are applied. Botnet spam accounted for 88 percent of all spam in 2010, although this varies by client, so this analysis is based on the remaining 15-20 percent of email traffic not throttled at the perimeter. The honeypots are not affected in this way, and collected approximately 30-50 million spam emails each day during 2010.


Table 13. Top global sources of botnet spam, 2010

India is the single largest source of botnet spam. The largest single source of botnet spam from one country was India, which accounted for 8 percent of global botnet spam. (The actual percentages before rounding for the top two sources are India at 8.4 percent and the United States at 8.2 percent.) India remains a large source of infection for the top four major spam-sending botnets: Rustock, Grum, Cutwail, and Maazben. In 2010, these four botnets were responsible for 63 billion spam emails per day, and two out of every three spam emails sent by a botnet could be attributed to one of these botnets. In addition, India was a major source of infection for smaller spam-sending botnets such as Bobax and Festi.

Spam from Rustock dominates in the United States. The volume of spam coming from the United States increased during the first half of 2010, accounting for 8 percent of all global spam. The main factor for this high ranking is that the United States is the main source of infection for the largest spam-sending botnet, Rustock. Rustock had a significant spam output of over 44 billion spam emails sent per day, translating to almost half of all spam emails sent by botnets in 2010; this was almost double its volume output from 2009. It continues to be the largest botnet for spam, with an estimated size of between 1.1 and 1.7 million bots under its control during 2010.