The percentage of spam containing shortened hyperlinks has increased significantly over the last year, with a one day peak of 18%, or 23.4 billion spam emails on April 30, 2010, doubling last year’s peak levels, according to a report from Symantec.
The report, July 2010 MessageLabs Intelligence Report, also revealed a significant increase in use of the tactic, with only a single day where when shortened hyperlinks appeared in more than 1 in 200 of spam messages in the second quarter of 2009.
There were 43 days in second quarter 2010 when at least 1 in 200 spam messages contained shortened hyperlinks and 10 days where at least 5% of all spam contained these links, the report added.
Paul Wood, senior analyst of MessageLabs Intelligence at Symantec Hosted Services, said: "As far as spammers are concerned, any tactics that make it harder to block their spam emails are going to be exploited.
"When spammers include a shortened URL in spam messages, these shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional anti-spam filters to identify the messages as spam based on the reputation of the domains found in the spam emails."
The analysis also revealed that Storm botnet, which returned to the threat landscape in May 2010, is responsible for the greatest volume of botnet spam containing short hyperlinks, accounting for 11.8% of all spam containing shortened hyperlinks.
Mr Wood said: "While botnets are often the source of short URL spam, 28% of this type of spam originated from sources not linked to a known botnet such as unidentified spam-sending botnets or non-botnet sources such as webmail accounts created using CAPTCHA-breaking tools.
The report said that the global ratio of spam in email traffic in July 2010 from new and previously unknown bad sources was 88.9%, a decrease of 0.4 percentage points since the prior month.
The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources saw a marginal increase, with one in 306.1 emails (0.327%) in July, a decrease of 0.04 percentage points since June.
The report found that the most prevalent threats against endpoint devices such as laptops, PCs and servers Sality.AE virus, which spreads by infecting executable files and attempts to download potentially malicious files from the Internet.
Phishing activity was 1 in 557.5 emails (0.179%) in July, an increase of 0.02 percentage points since June, while analysis of web security activity shows that 30.5% of malicious domains blocked were new in July, an increase of 0.2 percentage points since June.
MessageLabs Intelligence also identified an average of 4,425 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 176.9% since June.
According to the report, spam levels in Luxembourg rose to 2.4 percentage points to 93.5% in July, followed by China (92.1%), Denmark (91.8%), Hong Kong (90.6%), Netherlands (90.4%), US (89.8%), Germany (89.5%), Australia (88.6%), Canada (88.1%), the UK (87.8%), Singapore (86.7%), and Japan (86.2%).
The report further said that New Zealand became the most targeted for phishing attacks in July with 1 in 111.2 emails comprising a phishing attack.
The most hit industry by spam mails was the engineering sector with a spam rate of 92.6%, followed by retail (89.9%), IT services (89.6%), education sector (89.1%), chemical & pharmaceutical sector (89%), finance (87.4%) and public sector (87.3%), the report added.
MessageLabs Intelligence pointed out the engineering sector as the most targeted industry for malware, while virus levels were highest in the education sector, followed by finance, IT services, the chemical & pharmaceutical sector and retail.
