Enterprise gateway security company, Secure Computing reported that spam levels has risen by over 30 percent again this week, almost reaching the all time high of 90 percent of all mail seen in December last year.
Secure Computing’s TrustedSource Labs observed that the recent spike in spam levels is attributed primarily to the ongoing Storm worm epidemic.
Majority of the compromised servers used by the Storm Worm gang to infect users resides in the United States. The Storm Worm has about 20,000 hosts worldwide currently, residing in over 100 different countries. The top 10 countries hosting the Storm Worm are US, UK, Korea, Canada, Russia, Germany, Romania, France, Poland and India.
A new twist to the Storm Worm was also detected. Today, Storm Worm can launch a full-scale DDoS attack towards any researcher or company that tries to access the servers or experiment with scanning or disabling them. These attacks can last for days.
"The primary reason the Storm Worm gang is in business is spam," explained Bejamin Low, Managing Director for Southeast Asia and India, Secure Computing.
"Botnets are simply a means to an end. We see more and more spam on the horizon, particularly stock based promotions that they specialize in. Unfortunately, until people stop clicking on the links they receive in unsolicited emails, the Storm Worm will continue to grow."
The Storm Worm threat utilizes server-based polymorphism, which means that it is continuously being repackaged to make the malware appear different to signature-based anti-virus solutions. With the executable file being changed continuously, it easily sneaks below the radar of the leading anti-virus programs, which are largely signature-based.
According to Secure Computing, its customers have apparently not taken any damage from the Storm Worm Epidemic as its global TrustedSource reputation system are able to identify malicious URLs in emails in real-time and block these e-mails based on both where they are originating from and where it’s trying to lure the victims.
TrustedSource provides users with a 92 percent spam block rate, in addition to blocking 83 percent of total mail volume well before spam reaches anti-spam filters. In addition to this, Secure Computing also identifies and blocks the browser-based JavaScript exploits that the Storm Worm uses to infect a machine.
TrustedSource is integrated into Secure Computing’s enterprise gateway security appliances in addition to partner products. |
