Malicious spam hits two-year high

August has seen malicious spam levels reach a two-year high, hitting almost a quarter of all spam by volume, with the Cutwail, Festi and Asprox botnets among the key culprits, according to the latest research from M86 Security Labs.

The security vendor's research team noted in a blog post that malicious spam made up at least 13 per cent of the total spam volume last week, which in itself is unusual. However, this week that number jumped to a whopping 24 per cent.

"Four of the campaigns, which we identified as originating from the Cutwail botnet, are mostly recycled spam themes - FedEx, credit card, changelogs and invoices," wrote security researcher Rodel Mendrez.

"The malware is attached within a compressed Zip archive and is a Trojan that downloads additional malware including fake anti-virus, SpyEye and the Cutwail spambot itself."

The Asprox botnet, meanwhile, sends malicious hotel transaction spam, carrying threats including fake anti-virus and password-stealing malware, while the Festi botnet has begun sending a malicious UPS campaign armed with fake anti-virus.

"This is an epic amount of malicious spam. After multiple recent botnet takedowns, cyber criminal groups remain resilient, clearly looking to build their botnets and distribute more fake anti-virus in the process," said Mendrez.

"It seems that spammers have returned from a holiday break and are enthusiastically back to work."

We're not sure whether this rise in malicious spam is linked to the overall decline in spam this year since the takedown of several rogue ISPs and botnets, most notably Rustock, but it certainly makes email security and user awareness that bit more important.