According to new research conducted by M86 Security Labs, the volume of malicious spam increased significantly in August. Last week malicious spam increased by 13 per cent, while this week it has reached 24%.
The majority of this spam is coming from the Cutwail, Festi and Asprox botnets. Previously, Microsoft shut down Rustock, the biggest spam botnet, and after this operation most ISPs found that spam had been reduced significantly.
Analysis of the spam identified four different campaigns for the Cutwail botnet; the messages contain Fake AV, SpyEye and the Cutwail spambot itself. The Festi botnet is sending a malicious “UPS” campaign that distributes the Chepvil Trojan, a downloader that also installs Fake AV. Asprox is, as always, sending malicious hotel transaction spam. The attached malware in this spam campaign installs a password stealer and Fake AV.
If we exclude Rustock, the Cutwail botnet occupies first place with 100,000 bots, followed by Lethic – 75,000 bots; Grum – 65,000 bots; Festi – 60,000 bots; and Maazben – 30,000 bots. The remaining spam botnets consist of 5,000 to 30,000 bots and include Asprox, Fuflo, Waledac, Fivetoon / DMSSpammer, Xarvester, Bobax, Gheg and Bagle.
SpyEye is a particularly nasty piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.
What makes SpyEye dangerous is that it does not require very many infected computers: with hundreds of PCs, criminals can gain millions of dollars. If you check SpyEye Tracker now, you will find about 439 command-and-control servers, 186 of them online, distributed all over the world.