By now, you have doubtless seen the CNN “news alert” spam using legitimate news story headlines infesting the inboxes of tens of millions of people. There are variations also claiming to be from MSNBC from the same bot network, Storm, and the BBC, on a botnet called Mega-D. No doubt they will morph again to use other social engineered subject lines to trick unwitting people into clicking the links contained within. It is a virus, and more proof that spam 2.0 — the merging of spammers with virus-makers and spyware writers — exists. They are unfortunately very good at what they do.
Our friends at MX Logic track this stuff really well, and one of the botnets spewing out this junk was going full throttle at 11 million pieces of spam per hour.
These are all attempts to grow the zombie networks by sending out emails that will infect the computer of anyone who clicks the payload link.
Our inbound spam filtering at Return Path has been working overtime to stop this wave of attacks, but it is quite difficult to do — the sending IPs and domains are morphing constantly, so it is always catch-up ball.
And finally, because it is always better to show than tell, here is a small snapshot of the uptick we have seen at Sender Score Certified’s support system. This graphic is showing just a couple of the inbound mail streams and really illustrates the dramatic increase in spam: