Welcome to the MessageLabs Intelligence Security Report for May 2010.
In May, as spam levels rose a further 0.3% to 90.2% of email traffic, nine out of ten spam emails were found to contain a URL link in the message; 29% of these were for legitimate domains. Five percent of all unique domain names found in spam URLs belonged to genuine web sites. Of the most frequently used domain names contained in spam URLS, the top four belong to well-known web sites used for social networking, blogging, file sharing and host other forms of user-generated content.
Domains belonging to well-known web sites tend to be recycled and used continuously compared with ‘disposable’ domains which are used for a short period of time and never seen again. Perhaps this is because there is some work involved in acquiring them: the legitimate domains require CAPTCHAs to be solved to create the large numbers of accounts that are then used by spammers. Moreover, disposable domains are often used quickly after being first registered; and on average, 50 percent are used within nine days, before spammers switch to newer domains.
Also in May, MessageLabs Intelligence analyzed the growth of spam and botnets in some of the countries along the eastern coast of Africa, namely those which received greater broadband connectivity in July 2009. The proportion of global spam that comes from Africa overall has increased to 3 percent of global spam in May 2010 from just under two percent in April 2009, reflecting an extra 1.2 billion spam emails being sent from Africa daily compared to one year ago.
