In Canada, spam accounted for 79.4 per cent of e-mail received in March, and malware accounted for one in 160.1 e-mails, according to the March 2011 MessageLabs Intelligence Report by Symantec Corp.
While the figures are a tad higher than the global spam rate, trends in Canada’s threat landscape have consistently tracked the global rate rather closely, said Paul Wood, senior analyst for MessageLabs Intelligence with the Cupertino, Calif.-based security vendor.
“Canada has always featured prominently in terms of the spammer output,” said Wood.
What makes Canada particularly alluring to spammers is the existence of lower-priced pharmaceuticals compared to those in the U.S. that fit rather well with spam strategies. “A lot of spam relates to pharmaceutical products and to make that attractive to the U.S. audience, they dress them up to appear as genuine Canadian pharmacies,” said Wood.
But while the report did state a spam rate of 79.4 per cent for Canada, that figure will still differ across the provinces, where different dominant industries and, therefore, recognized brand names may be situated, noted Wood.
On the global level, Canada’s spam output accounts for two per cent of overall spam.
However, watching the distribution of botnets around the world reveals some interesting shifts, said Wood. The U.S. has always been a dominant contributor of spam output, but now other countries are catching up. Russia was top of the spam output list in March, accounting for 12 per cent of global spam. India and Brazil followed closely behind.
The Symantec report also paints a slightly altered threat landscape after the take-down of the very productive Rustock botnet earlier in March. The global landscape showed a sudden decrease in spam volumes, but only until lesser-known and smaller botnets began moving into the void.
“What we’re seeing now are other botnets that are really smaller botnets, trying to fill the gap that Rustock has left,” said Wood.
Bagle is one botnet among those filling the void left by Rustock. While Bagle isn’t new to the botnet scene, it is a smaller botnet that has “certainly jumped up enormously from virtually nothing” and is currently sending 8.31 billion spam e-mails daily, said Wood.
Another rising botnet is Cutwail at 4.5 per cent of overall spam.
However, Wood noted that although Rustock’s disappearance caused global spam volumes to drop by only a few percentage points, such a decrease still amounts to “a huge volume in terms of the global spam output.”
Brian O’Higgins, an Ottawa-based security consultant, thinks it’s not surprising that new botnets should move in so swiftly to fill the gap left by Rustock, given that the botnet and malware world has developed such a powerful ecosystem.
But O’Higgins does find it interesting how some smarter malware associated with these botnets is able to close the security hole behind it after it infiltrates a computer. “This helps the malware survive longer on a machine,” said O’Higgins. “And it actually has a security benefit that helps stop new stuff from getting in and trying to own the machine.”
Despite the changing landscape and occasional drops in spam output, O’Higgins warns that IT departments should continue to improve their security posture.
“You can’t relax just because you have not been hit for some time. A new threat is always just around the corner,” said O’Higgins.
Follow Kathleen Lau on Twitter: @KathleenLau