Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Thursday, March 1 - is anyone out there?

Thursday, March 1 - is anyone out there?

  • Comments 2

This past Thursday (March 1, 2007) seems to be a bit of an anomaly.  I say this because overall message volume is the lowest it has been since New Year's day.  Ignoring that holiday, it's the lowest it has been since early October.  Compared to February 28, traffic is down 37%.

That seems a little weird.  It's almost as if a big group of spammers decided to simultaneously go on vacation or stop spamming.  Perhaps they are starting to collude together.

Leave a Comment
  • Please add 2 and 3 and type the answer here:
  • Post
  • I would agree with your suspicion.

    Email-borne viruses also show strong signs of coordination. I think the 'vacation' is actually the time they work on planning and building the next attack. Image-based spam is computationally heavy because they randomly generate images with slight differences, so they probably work on generating all the images and then distribute them in a concentrated amount of time. Server-side polymorphic viruses work much the same way. thr malware writers have to generate tens of thousand of slightly altered variations of the malicious code 7 then mass distribute them in very intense bursts.

    The trend is covered here: http://www.commtouch.com/downloads/Commtouch_2006_Email_Borne_Malware_Review.pdf

  • Nikk, do you think they generate the images beforehand and distribute them on the fly (ie, send the email and attach the image from a central location), or do you think that the image is generated on the fly?

    For example, they have a "base" image they start with, and then the malware has an algorithm that randomly inserts dots, rotations, etc, as the message is being sent?

Page 1 of 1 (2 items)