Security researchers from M86 Security warn that since the beginning of August the quantity of malware-carrying spam has spiked to levels far exceeding those before the SpamIt shutdown.
The unexpected closure of the largest rogue pharmacy affiliate program, SpamIt, in October 2010, is used as a point of reference in spam measurements because that's the last time when spam levels plummeted.
The event was also significant because after the SpamIt shutdown the levels never recovered, despite security researchers expecting otherwise.
Of course, they were kept under control by the takedown of several major botnets, including spam king Rustock.
However, according to recent telemetry received by M86 Security, all this has changed in a matter of days. "From the beginning of August, we have observed a huge surge of malicious spam which far exceeds anything we have seen over the past two years
," the company's analysts warn
Last week, the number of emails carrying malicious attachments represented 13% of the total amount of spam, a very large number compared with what has been observed in the past. Then, this Monday, that number spiked to 24% within a single day.
Most of these spam campaigns come primarily from the Cutwail, Festi and Asprox botnets. The change suggests that botmasters are trying to get back into business after returning from their summer holidays.
M86 Security gives some examples of the malicious spam emails seen recently. These pose as notifications from organizations like Fed Ex, MasterCard, VISA, UPS, and use the usual fraudulent transaction, misdelivered invoice, or failed delivery lures.
Users are advised to keep their antivirus products up to date and treat email attachments with caution, even if they appear to originate from trusted sources. Multi-engine file scanning services like VirusTotal can be used to check attachments for malware.