Last week, on a message board I read regularly, someone mentioned that it seemed like she was getting a lot more spam in her inbox lately. Others commented on her post, also mentioning that they were seeing more spam. I thought it was odd because everything I've been reading and all of those second-quarter reports I get have been saying that spam has seen a decrease, especially after the Rustock botnet was taken down.
Apparently, my colleagues on this message board were on to something. Today, I got a note from M86 Security alerting me that there has been a huge surge in spam since the beginning of August. According to M86 Security, the majority of the malicious spam comes from the Cutwail botnet, although Festi and Asprox are among the other contributors. The botnet is recycling some of those old favorite spam themes: FedEx, credit card, changelogs and invoices. The malware arrives as an attachment inside a compressed zip archive and is a Trojan that downloads additional malware, including Fake AV, SpyEye and the Cutwail spambot itself.
Other security companies are also seeing an uptick in spam since the beginning of August. From the Commtouch Cafe:
The UPS name is once again being used to spread vast amounts of email-attached malware. The last week has seen an extraordinary increase, over 5.5 times the average level before the outbreak. The attack closely resembles the large outbreak reported on at the end of March.
At the Sophos Naked Security blog, the discussion is about a malware attack through credit card spam.
An article in eWeek quoted someone from Commtouch, who said the spike may be an aberration, as the spam levels have already decreased. Neither Sophos nor Commtouch identified a source of the spam.
Is it just a one-time thing, a dog days of summer attack? Or is this a precursor of a spam-filled autumn? Time will tell. It will make for some interesting third-quarter reports.