Spam shows little signs of stopping as viruses rise

4 Dec 2006

Spam levels barely declined in Ireland during November as virus rates rose again, new figures from IE Internet reveal.

Less than half of all emails circulating in Ireland now constitute legitimate traffic, as the spam rate recorded last month was 55.61pc. This figure was only marginally down from October levels, which were the highest since the Dublin company began recording these statistics three years ago.

Although the US remains the highest source of unwanted junk email into the country with 26.61pc of the total, China has caught up considerably and last month just over a quarter (25.76pc) of spam originated from there. The UK is much more on the radar than before with 20.59pc whereas South Korea, a longtime mainstay of the list, did not feature in the top five senders for November.

The rate of virus infection was 11.23pc and the interesting development was the appearance of two new pieces of malware that between them accounted for more than 40pc of the total.

The first, W32/Warezov, is a worm that spreads by email posing as an operating system security update. It can beat antivirus products on the infected PC and set up a remote access facility on it so that the machine can be controlled by an unauthorised third party to launch denial of service attacks or to send spam.

“We have seen a few variants of this virus over the month, but most have not been successful at gaining any type of foothold,” said Ken O’Driscoll, chief technology officer with IE Internet. “What makes this virus smart is that it has the ability to update itself by connecting to rogue websites where the latest version of the virus program is kept and downloading it. This is essentially the same thing that desktop antivirus products and operating systems have been doing for the last few years – it was only a matter of time before the virus writers adopted the same tactics.”

The second-placed infection is classed as a strain of W32/Tricky-Malware by the major antivirus software firms. It was found in 15.45pc of infected emails scanned by IE Internet. O’Driscoll pointed out that it looks like a strain of another virus but this hasn’t been fully established yet. “While we don’t normally discuss the code until the antivirus vendors have called it, it has remote access functionality — so like W32/Warezov, infected machines can be controlled,” he warned.

By Gordon Smith