December 08, 2010, 2:08 PM — August was the peak month for spam during 2010, says Symantec.
According to the security firm's MessageLabs Intelligence 2010 Security Report, 92.2% of all emails sent in August were spam, a figure which Symantec attributes to the Rustock botnet. On average, 89.1% of all messages sent during 2010 were spam, which is 1.4% up on the previous year, while botnets accounted for 88.2% of all spam.
The total number of botnets worldwide is between 3.5 and 4.5 million, which Symantec says is similar to the number in 2009.
"With successful and resilient botnet operations established in prior years, cybercriminals experimented with many tactics to keep spam campaigns active and fresh this year," said Paul Wood, senior analyst at Symantec's MessageLabs Intelligence.
"From leveraging newsworthy events like the FIFA World Cup to taking advantage of the widespread popularity of URL-shortening services and social networks, the spammers deployed a variety of tricks to bypass spam filters and lure potential victims."
The security firm predicts that in 2011 botnet controllers will resort to employing steganography techniques to control their computers. In other words, hiding their commands in plain view - perhaps within images or music files distributed through file sharing or social networking web sites.
"This approach will allow criminals to surreptitiously issue instructions to their botnets without relying on an ISP to host their infrastructure, thus minimising the chances of discovery," Wood added.
Symantec identified more than 339,600 different malware strains in 2010 - that's more than a 100% increase on last year. The security firm said this was due to the explosion of malware generated from toolkits, which allow a new version of the code to be generated quickly and easily.
The average number of new malicious websites blocked each day rose to 3,066, compared to 2,465 for 2009, an increase of 24.3%.
Furthermore, employees who work both in and out of the office appear to relax their browsing habits considerably when out of the office, which is also a big security threat to firms. Symantec said organisations must determine to what extent they will manage employee online behaviour with web policy controls.