The Storm botnet decreased to just five per cent of its original size during
April, but overall web-based malware levels increased by 23.3 per cent, new
monitoring data reveals.
MessageLabs' Intelligence Report for April 2008 said that new malicious
software removal tools aimed at removing Storm infections were responsible for
the sudden reduction in Storm-infected computers.
The security firm now estimates the botnet at approximately 100,000
compromised computers, down from previous estimates of two million.
This is evidenced by a 57 per cent decrease in malware-laden emails
distributed by the Storm botnet during April.
However, analysis of web-based malware suggests that 36.1 per cent of
interceptions in April were new, an increase of 23.3 per cent since March.
MessageLabs also identified an average of 1,214 new websites per day
harbouring malware and other potentially unwanted programs such as spyware and
adware, an increase of 619 compared with the previous month.
"April was a month of unpredictability with the mighty Storm botnet losing
all but five per cent of its anonymous army, and web-based malware reaching new
levels," said Mark Sunner, chief security analyst at MessageLabs.
"This month we find ourselves fighting the cyber-crime battle on many fronts,
with the bad guys using an arsenal of weapons in order to detonate spam,
viruses, phishing attacks and targeted Trojans.
"This makes it more important than ever to have a strong security shield in
place."
On the cusp of the 30th anniversary of the first spam email, MessageLabs
identified a new spamming technique being used to send authenticated spam email
via Yahoo's SMTP servers.
The study also revealed that targeted attacks reached new heights last month.
MessageLabs intercepted approximately 70 targeted Trojans per day, an increase
of 250 per cent on December 2007.
The firm has intercepted 13 Olympics-themed attacks over the past six months
which use legitimate-sounding email subject titles.
Some attacks purported to be from the International Olympic Committee in
Lausanne, but all but one of the attacks were sent from an IP address in Asia
Pacific.