SOURCE: Marshal

June 25, 2008 09:15 ET

Malicious Spam Triples in One Week, According to Marshal's TRACE Team

Currently Responsible for 46 Percent of All Spam, Srizbi Botnet Is Largely Responsible for Recent Sharp Increase

ATLANTA, GA--(Marketwire - June 25, 2008) - The volume of malicious spam in circulation has more than tripled in one week, according to new research from Marshal's TRACE team. This sharp increase can be largely attributed to the Srizbi botnet, which is currently responsible for 46 percent of all spam sent. Malicious spam jumped from 3 percent of total spam traffic at the start of June to 9.9 percent the following week.

'Malicious spam' is spam that isn't designed to sell a product or service, but is intended specifically to infect recipients' computers with malware. It typically involves a social engineering ploy to lure recipients into thinking it is harmless or related to something of interest, such as free pornography or an invitation to view a greeting card from a friend. It usually includes a URL link to a website hosting malware. Often the malware is falsely presented as a video or game that the recipient is tricked into activating.

"The Srizbi botnet is behind much of this increase in malicious spam," said Phil Hay, lead threat analyst with Marshal's TRACE team. "Srizbi's criminal controllers are currently on a major expansion drive. The more computers infected by Srizbi bots the more money they can make."

The most common campaign Srizbi is using at present is a 'stupid' theme that tries to hook users by including the first part of their email address in the subject line along with the suggestion that they look stupid in a video. Users are often quick to investigate the potentially embarrassing footage before they consider the true malicious nature of the message.

Another recent campaign from Srizbi is based on the social networking phenomenon of connecting to old acquaintances online. It targets the service by using its name in malicious spam with subject lines such as "You have one new message. Classmates" and "Friends waiting for you Tomorrow! Classmates." Once the recipient clicks on the link, they are taken to a fake page that resembles the actual website where they are directed to run a supposed Flash video player. When users click on the link, they are prompted to download an executable file that infects their computer.
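A mail-filter heuristic for the two lures described above, as an added example that is not from Marshal or its SpamCensor product: it flags a message carrying a link when the subject contains the recipient's local part alongside the 'stupid'/'video' wording, or when the subject names Classmates but no link points at the brand's domain. The function names, the `classmates.com` domain and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import getaddresses

LURE_WORDS = ("stupid", "video")   # wording of the 'stupid' campaign
BRAND = "classmates"               # brand named in the second campaign's subjects
BRAND_DOMAIN = "classmates.com"    # assumption: the brand's legitimate domain
HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)

def _body_text(msg):
    """Concatenate decoded text/* parts of a single-part or multipart message."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            out.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def indicators(raw):
    """Return the sorted lure indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    # Decode RFC 2047 encoded-words so encoded subjects are inspected too.
    subject = str(make_header(decode_header(msg.get("Subject", "")))).lower()
    hosts = {h.lower().rstrip(".") for h in HOST_RE.findall(_body_text(msg))}
    if not hosts:
        return []                  # both campaigns rely on a link in the message
    found = set()
    for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        local = addr.split("@", 1)[0].lower()
        # Whole-token match; very short local parts are skipped to limit false hits.
        token = r"(?<![a-z0-9])" + re.escape(local) + r"(?![a-z0-9])"
        if len(local) >= 3 and re.search(token, subject) \
                and any(w in subject for w in LURE_WORDS):
            found.add("personalised_lure")
    if BRAND in subject and not any(
            h == BRAND_DOMAIN or h.endswith("." + BRAND_DOMAIN) for h in hosts):
        found.add("brand_mismatch")
    return sorted(found)

# Constructed sample messages (not captured traffic).
STUPID = ("To: jsmith@example.org\nSubject: jsmith, you look stupid in this video\n\n"
          "watch: http://clips.example.net/v\n")
BRAND_LURE = ("To: alice@example.org\nSubject: You have one new message. Classmates\n\n"
              "Open: http://login.example.net/msg\n")
BENIGN = ("To: bob@example.org\nSubject: Minutes from Tuesday\n\n"
          "Notes: https://wiki.example.org/minutes\n")

if __name__ == "__main__":
    for name, raw in (("stupid", STUPID), ("brand", BRAND_LURE), ("benign", BENIGN)):
        print(name, indicators(raw))
```

These indicators are narrow by design and belong as one scoring input among others, since a legitimate message can also address the recipient by name in its subject.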

"This kind of social engineering tactic is nothing new," said Hay. "What is significant is the rapid increase in the volume. It once again demonstrates the incredible power and dominance that the major spamming botnets have over email traffic. Very few legitimate businesses could triple their email capacity at the push of a button. But this is the advantage that the illegal control of thousands of computers gives the spammers."

"We see Srizbi as one of the biggest threats to Internet users today," said Hay. "We are trying to work with other security researchers to raise the profile of Srizbi and the threat it represents. In contrast, the Storm botnet receives more research and media attention, yet its impact is now bordering on insignificant. When Storm became a high-profile target, Microsoft had great success in removing it from thousands of infected PCs with their Malicious Software Removal Tool. Now, Srizbi needs to become a similar priority for security researchers."

"In the meantime, users should be wary of emails that make personal offers such as online friend connections or include inflammatory personalised subjects such as 'you look stupid in this video,' particularly if they don't recognise the sender," he said.

Marshal's charts and statistics depicting botnet activity over time can be found on the TRACE Center:

About the Marshal TRACE Team

TRACE (Threat Research and Content Engineering) is a group of Marshal security analysts who constantly monitor and respond to Internet security threats through the TRACE website at TRACE services are provided as part of standard product maintenance that includes updates to Marshal's unique, proprietary anti-spam technology, SpamCensor. TRACE analyzes spam, phishing and Internet security trends and provides frequent automated updates to Marshal customers. It also provides "Zero Day" security protection against new email and virus exploits the day they emerge.

About Marshal

Marshal is a global leader in content security across multiple protocols, enabling organizations to secure their IT environment, protect against threats and comply with corporate governance needs. Marshal provides customers with a complete portfolio of policy-driven email and Internet solutions that integrate content filtering, compliance, secure messaging and archiving. Forty percent of the Global Fortune 500 companies use Marshal security solutions to secure their corporate messaging networks and Web access against internal abuse and external threats such as viruses, spam and malicious code. More than 7 million users in over 18,000 companies worldwide use Marshal solutions to protect their networks, employees, business assets and corporate reputation and to comply with corporate governance legislation requirements.

Marshal's Americas headquarters is in Atlanta, Georgia, with corporate headquarters in London (UK) and offices in Auckland (New Zealand), Houston (USA), Johannesburg (South Africa), Munich (Germany), Paris (France) and Sydney (Australia). More information is available at
