"The email attacks originated from Greece from IP address 83.253.67.30 (aiolos.otenet.gr)," a MessageLabs representative tells us. "MessageLabs Intelligence can’t see this being used as a botnet."

"When executed the "Times Reader Plugin.exe" uses iexplore.exe to send encrypted data over port 443 to 82.103.136.9," she continues. "It resolves to an address in Denmark, which looks like a computer on a home network. It doesn’t display anything when you run the exe, so the victim wouldn’t know they have been infected. The only indication is an iexplore.exe process running when there is no IE browser session open. It drops 2 files in the C:\windows\system32 directory as rundl32.exe and also rundl32. This dropped virus is a keylogger with rundl32 file containing what it is you are writing. After a while, the virus shuts down and deletes itself."

While the attack appears to be very targeted, it may prove to be a good idea to watch for such emails, particularly if you are a user of Times Reader.

According to MessageLabs, only 0.5% of spam right now is tied to Halloween, but about 500 million Halloween-themed spam emails are expected to be in circulation worldwide each day as the holiday approaches this week. The majority of Halloween spam links to pharmaceutical spam sites and comes from the Rustock and Donbot botnets, the firm says.

"Happy Halloween J from Devil" – pharmaceutical spam

Meanwhile, spam from the Cutwail botnet uses both Thanksgiving and Christmas as a theme to sell replica watches. MessageLabs says that to date, holiday spam accounts for approximately 2% of all spam, with over 2 billion Thanksgiving or Christmas-themed spam emails expected to be in circulation globally each day.

Christmas subject/Thanksgiving body – replica watches spam

"As is typical with spammers this time of year, we are seeing them try to capitalize on the holiday season," says MessageLabs Intelligence Senior Analyst, Paul Wood. "Although they may be a bit overzealous, spamming is a numbers game and the spammers have certainly succeeded with volume thus far. Perhaps their early-bird approach is an attempt to compete with the other botnets and get in early to maximize their chances of success."

The early-bird approach Wood speaks of relates directly to the fact that spammers are already gearing up for next year’s holidays and events. The firm is already encountering first runs of Valentine’s Day spam as early as four months before it arrives. They are even seeing spam related to next summer’s World Cup event.

In case you’re wondering how successful these spam campaigns can be, MessageLabs says consumers fall victim to messages like these all the time, fueling an underground economy worth an estimated $105 billion in profit from fraudulent activities. 

Related Articles: 

> Stealth Phishing Attack Looks Like Internal Email

> Symantec Urges Windows Users to Patch Systems

> Phishing Down, But Probably Only Temporarily

> Top 10 Most Spammed States in the US

According to MessageLabs, Idaho is the spam capital of the US with 93.8% spam, far exceeding the global spam rate for September of 86.4%. MessageLabs says Idaho has jumped 43 spots since 2008, when it was ranked the 44th most spammed state. According to the security firm, the jump can be attributed to "the resilient and aggressive" botnet market, as well as a higher volume of global spam since he beginning of the credit crisis in late 2008.

Here’s a look at the top ten:

1. Idaho
2. Kentucky
3. New Jersey
4. Alabama
5. Illinois
6. Indiana
7. Massachusetts
8. Pennsylvania
9. Arizona
10. Maryland.

I have to say that based on the incredible amount of spam I receive in my inbox on a daily basis, I am not entirely surprised that our state of Kentucky is high on the list.

"Some of the high spam levels seen across the US can be attributed to the economic challenges experienced globally since the end of 2008 as well as Internet advancement including the high adoption of social networking," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. "Spammers have taken full advantage of both the economic uncertainty of some and the trustworthiness of others for their own rewards. Automated tools, resilient botnets and targeted spam campaigns are all part of the spammers’ toolkit and they are constantly evolving these techniques to outsmart any effort to stop them. No state is immune to the affects of spam."

MessageLabs says there currently between 4 and 6 million computers across the globe that have been compromised to form botnets, which send the majority of spam. These are used by cybercriminals to send out over 87% of all spam, which equates to about 151 billion emails every day.

So who’s not getting very much spam?

States mentioned as having the least amount of spam include Montana, Alaska, Kansas, South Dakota, Tennessee, Vermont, Rhode Island, Wisconsin, and Florida. Puerto Rico gets below the average global spam level.

"In August, the ongoing abuse of shortened-URLs as a delivery mechanism resulted in a number of legitimate URL-shortening services being forced to close their businesses due to their inability to handle the malicious use of their tools," a spokesperson for MessageLabs says. Here are a couple of screenshots from such services:

Shortened URLs have created a huge breeding ground for spammers, but cybercriminals have plenty of other methods of spreading ill will. MessageLabs shars a few other threats from August that they say should be on your radar:

- Cutwail’s nine lives: On August 1st, Latvian ISP Real Host was shutdown, causing Cutwail’s activity levels to drop by 90 percent. However, it only took Cutwail a matter of days to recover, demonstrating just how powerful and intelligent this botnet has become.

-  DDoS attacks on social networks: A number of social networking websites were recently reported to be victims of DDoS attacks. MessageLabs found that the attacks may be linked with a spam run against an anti-Russian blogger. MessageLabs Intelligence suggests that this small but strategic spam run contributed to the DDoS attacks on these social networking sites. A botnet was also used to conduct the DDoS attack in parallel, with compromised computers under the botnet’s control commanded to open the page of the targeted social networking website.

- Old malware comes back to haunt us: MessageLabs Intelligence analysis highlights how cybercriminals are three times as likely to favor repurposing malware across numerous domains rather than developing new tactics. In August, analysis of malware being blocked each day highlights that only 11.9 percent was newly developed malware.

MessageLabs has a report covering the month of August in threat trends here(pdf). It talks about how one in 296.6 emails contained malware, but there have actually been decreases in spam, phishing, and blocked malware sites.

Social network spoof emails have become a popular means of getting into email boxes. Emails appearing to be from Facebook, for example, are often trusted automatically by filters and recipients alike. Thinking the messages are from friends on social networks, targets often follow embedded links to spam sites.

Over 90 percent of corporate email is spam, according to MessageLabs, reflecting a five percent increase over April. Security researchers also peg CAPTCHA-breaking bots as a chief catalysts for the recent spike.

Such a spike in May could also have to do with expected new CAPTCHA technology Google has now released. Bots became adept at breaking text-based CAPTCHAs, but the new form requires human interpretation of images. Spammers may have upped the spam output in anticipation of more difficult to crack CAPTCHA.

Most of the spam, nearly 58 percent, was sent by known spambots around the world. Donbot wins the label of most active spambot, responsible for 18.2 percent all by itself, followed Rustock and Bable, accounting for 20 percent together, and botnets Cutwail and Xarvester, which sent out 10 percent combined.

Instead, a MessageLabs (part of Symantec) spokesperson tells WebProNews that cybercriminals are more likely to be hiding on legitimate web sites tha have been compromised.

Data from the week of May 5th shows that:

- 84% of site domains blocked for hosting malicious content are well-established domains that are over a year old.

- 15.4% of domains blocked are sites that are less than a year old.

- 10.2% are less than a month old.

- 3.1% are less than a week old.

"It is highly likely that older sites are legitimate sites, while those that are only a week old or less are likely to be temporary sites set up with the sole purpose of distributing malware," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec.

"People need to be extra vigilant and understand that even sites they know and trust can be compromised through attacks such as SQL injection attacks, while businesses need to ensure they take the necessary precautions to block all the latest malicious sites," added Wood. "With the ever advancing world of cyber crime, nothing can be taken at face value."

In other words, you’re not safe anywhere. As the RZA would say, "Ya Best Protect Ya Neck."

Such spam messages contain text like:

- "Money is tight, times are hard."

- "Get 15% off these"

- "Cheaper than you could imagine"

"This resurgence of search engine spam comes with a new twist: they are email messages which include links to a major well-known search engine which searches for the spammer’s domain – as opposed to automatically re-directing to the spam site as reported in January 2008 – in the hopes that the search engine has not indexed the target site," a MessageLabs spokesperson tells me.

"By hiding the search for their domain in a legitimate search engine query, spammers can send messages that go under the anti-spam radar," the spokesperson continues.  It is interesting to note that the method being employed by these spammers only works with one major search engine according to MessageLabs (though they are not at liberty to disclose which one that is).

Search engine spam accounted for 17% of all spam at its highest points last year. Given the current state of the economy, I’d say we can expect quite a bit more of the money-saving-based attacks.

"The new year means new opportunities for spammers," says Paul Wood, Senior Analyst, MessageLabs. "As the economic climate continues to be frosty and the inability to secure credit through official channels remains spammers are tempted by the possibility that consumers facing uncertain futures may be more tempted by some of these hard-to-resist offers." 

It is hard to believe these types of scams are still going full throttle, let alone growing so significantly. Yet the numbers lay it out:

MessageLabs notes that the scams are getting easier to read and less verbose, as to be more cunning in their attempts to trick unsuspecting victims. All of you potential victims out there, how many people do you know that have just come into large sums of money and been notified simply by an email from a stranger? Think these things out. There must be people still falling for these things or they would become extinct.