Global spam reached rates as high as 96 percent of all email traffic during 2007. And, according to a report from Commtouch, botnets helped keep spam output at consistently high levels throughout the year.
96% of all email is unsolicited junk
According to data collected by Commtouch, a security firm that specialises in protecting email, the global spam rate averaged around 80 percent of all email traffic throughout the year.
Although the spam rate dipped to as low as 60 percent in the second quarter of 2007, it spiked back up in the third and fourth quarters, peaking at 96 percent of all email output early in the fourth quarter.
Commtouch says that botnets - which are networks of infected zombie hosts that are used to carry out distributed denial-of-service attacks and massive spam campaigns - were the major culprits behind the spam outbreaks.
The most disruptive botnet, says the firm, was the Storm worm botnet, which researchers estimate contains more than 1 million infected machines. In the fourth quarter of 2007, for instance, the Storm botnet launched an MP3 spam campaign that enticed unwitting users into downloading malware by offering them free music through infected sound files.
The firm says that this particular attack accounted for 7 percent to 10 percent of all global spam traffic at its peak.
In addition to its MP3 attacks, the Storm botnet launched a series of holiday-themed spam attacks that included dancing skeleton graphics for Halloween and Christmas emails that enticed users with promises of "sexy girls" who would "give you that special Santa treatment".
Commtouch warns that the Storm botnet has yet to be used to its full potential and that its activity in 2007 "may come to be seen as merely the calm before the Storm compared to what 2008 has yet to bring". Part of the reason that the Storm botnet has been so difficult for security pros to tackle, the firm notes, is that it has an elaborate defence system that aggressively attacks anyone who attempts to reverse engineer it.
Additionally, Commtouch says it is virtually impossible to track down Storm's botmaster, because its command and control is executed through a peer-to-peer network.
"The only effective way to protect against Storm and other botnets is to dynamically detect and block activity from the infected machines, based on identifying zombie IP addresses," Commtouch says. "Only security solutions capable of detecting and classifying malicious activity in real-time are able to provide a barrier against this growing threat."