Researchers at MessageLabs have revealed that the distributed denial of service (DDoS) attacks made on several big-name social networking sites in the past few weeks were linked to a spam run against an anti-Russian blogger, with a botnet also being used in parallel to carry out the attack.
“Although it is presumed that this spam run contributed to the DDoS attacks on these social networking websites, it is unlikely that this run alone could have caused all the reported disruption,” the messaging security specialist has reported in its latest intelligence briefing.
MessageLabs Intelligence has suggested that a botnet was also used to conduct the DDoS attack in parallel, with compromised computers under the botnet’s control automatically commanded to open the page of the targeted social networking website.
The company’s analysis has also revealed that activity levels for one of the largest botnets fell away drastically following the shutdown of an ISP in Latvia.
Activity of the Cutwail botnet, which is said to be responsible for approximately 15 to 20% of all spam today and is one of the largest botnets globally, fell by as much as 90%, it reports.
The Latvian ISP Real Host was disconnected on 1 August after it was alleged to be linked to command-and-control servers for infected botnet computers.
Following the disconnection, MessageLabs found global spam volumes immediately fell by as much as 38%.
Normal service was quickly resumed, however, and the respite in activity levels lasted only 48 hours.
MessageLabs notes that this was not the first time an ISP blamed for malicious activity has been disconnected. In the last 12 months at least three US-based ISPs have suffered a similar fate, most notably Atrivo (aka InterCage), McColo and Pricewert (3FN). Pricewert was taken offline by the US Federal Trade Commission.
Spam remains fairly steady at 88% overall for August, down from 89%, due to the activity levels of other major botnets such as Rustock, Mega-D and Donbot.
In the UK, levels are running slightly higher at 91%, compared with 93% in the month earlier.
The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 296 emails. One in 341 emails comprised some form of phishing attack.
In August, the most spammed industry sector with a spam rate of 93% was the engineering sector, the researchers have revealed.