Spammers today favor compromised accounts for sending spam, gradually shifting distribution away from botnets, according to Commtouch. The changed tactic has emerged as spam levels dropped dramatically, following several high-profile botnet takedowns.


“Spammers are trying to out-maneuver IP-based spam blocking techniques as well as law enforcement that have both effectively targeted botnets,” said Amir Lev, Commtouch’s CTO. “They are now using a combination of malware and phishing to compromise legitimate accounts and then using these accounts to send low-volume spam outbreaks.”

On the Web security front, Facebook continued to be abused for attacks as more and more consumers expand their use of the social network. Facebook malware tricked users by promising applications that reveal who was viewing their profiles as well as Osama Bin Laden death videos.

Worldwide zombie distribution:

Other malware distribution tactics used during the quarter included:

• Phony IRS “rejected payment” emails
• Fake iPhone 5 notifications
• SEO poisoning
• Malicious scripts within Adobe PDF files.

Additional highlights from the July 2011 Trend Report include:

• Spam levels averaged 113 billion spam/phishing messages per day during Q2, the lowest in three years.
• Approximately 377,000 zombies were activated daily during Q2, a significant increase compared to the 258,000 zombies in Q1.
• The most popular spam topic in Q2 was pharmacy ads, although these now represent only 24% of all spam, down from 28% in Q1.
• India keeps its title as the country with the most zombies – 17% of all zombies worldwide.
• Websites featuring pornography and sexually explicit material were the most likely to contain malware.

The complete report is available here.