In April, Symantec observed that the global spam volume dropped significantly on 16 March 2011 due to the shutdown of Rustock, one of the most prolific botnets in the world. As a result, the global spam volume fell 24.7 percent on 16 March as compared to the previous day. On 17 March, the volume fell another 11.9 percent.
Since then, the volume has continued to stay low. Overall, spam made up 74.68 percent of all messages in March, compared with 80.65 percent in February.
Despite the slowdown in overall spam volume, Symantec observed an increase in zip attachment spam towards the end of March, 2011. All of the observed samples are spoofed to appear as if they are legitimate delivery warnings or notifications from delivery service companies. The message text asks recipients to open the zipped executable file for further details or actions necessary to take delivery of the item.
Once the recipient downloads the compressed file, malware such as Trojan.FakeAV, Backdoor.Cycbot and Trojan.Sasfis were installed. Even though one botnet has been taken down, it appears spammers are trying to rebuild their capacity once again. For more details, please proceed to Symantec’s April 2011 State of Spam and Phishing Report.
To avoid falling prey to such threats and spam, Symantec advises that users be selective about the websites they register their email addresses and not open unknown email attachments as they could possibly infect their computers.