Drop in email virus level continues as spam soars

1 Nov 2006

Email virus rates in Ireland dropped below the 10pc mark last month — less than half the levels recorded earlier this year and the lowest since July of last year. The spam problem continues, however, with the highest rates yet: more than one in two messages are now junk email.

According to tracker data released today by IE Internet, 9.78pc of Irish emails in October contained a virus. The top five infections accounted for almost three quarters of the total, the figures show. As in previous months, the two most commonly found viruses were Zafi.B and Netsky.P, which have been in the wild for more than two years.

Welcoming the fall in virus rates, Ken O’Driscoll, chief technical officer with IE Internet, still sounded a note of caution. “The rate of virus infected emails was exceptionally high in the first place — averaging around 15pc in the last 24 months — so it stands to reason that as older (infected) home PCs continue to be replaced with new clean PCs pre-loaded with antivirus software, the rate will drop in exponential proportion,” he said.

O’Driscoll also pointed out that virus writers are changing tactics to make their work harder to detect and remove, using peer-to-peer networks as an alternative to email for delivering infections.
“As an industry, we are making it harder and harder for virus writers to successfully infect PCs via email so it stands to reason that virus writers will in turn move towards less protected avenues of infection,” he told siliconrepublic.com.

By contrast with the ongoing decline in viruses, spam was at its highest ever rate during October, IE Internet’s data showed. The rate of spam was 57.26pc, meaning that more than one in two emails in the average Irish inbox was unwanted junk. It is the highest level since IE Internet began releasing these figures three years ago, when the level was just 14.08pc.

The UK has steadily grown as a source of spam mail and accounted for 8.56pc of all spam coming into Ireland last month. India has also started to appear on the radar and was in third place with 13.11pc of the total.

“One of the big things that we noticed in October is a marked increase in very aggressive brute force or ‘dictionary attacks’ against business email users,” said O’Driscoll. This is where a spammer tries to send their email to a very large combination of invented email addresses. According to O’Driscoll, the reasoning behind this tactic could be that some anti-spam systems would register such an increase in load that they simply turn off their filters to avoid a denial of service situation and let everything through.

“These brute force attacks mostly come from distributed locations or networks so one could possibly class them as distributed denial of service (DDoS) attacks also as they do consume resources and could conceivably knock out a small site,” he warned.

By Gordon Smith