Our folks in spyware research infected two machines with spam bots (the spam bots are only sending to our internal research network — all traffic to port 25 is redirected to our honeypot).
By infecting two machines with two different known spam Trojans (Trojan-Proxy.Win32.Lager.gen and FiveSec.Spam.Agent.vx), we were able to capture over 6,000 image spam messages in a period of only 35 minutes (the spam bots were running at different times). Incidentally, these Trojans are coming through Vxgames installs (nasty malware distributors).
So, with our bandwidth, these bots combined are capable of sending over 12,000 messages an hour – a little over a quarter million messages a day. At one time just one of the machines was pushing one megabit per second of spam email at the test server.
However, in real life, the number would be lower, probably 60,000 to 80,000 messages per day (we’re dealing with fast DNS servers and gobs of bandwidth here, so our tests will always show higher rates than real-world conditions). Still, that’s an incredible number for one machine.
A few different samples of stock image spam picked up Friday in our “SpamTrap”, all promoting a stock for Aerofoam Metals (AFML):
And here is that stock on Yahoo Finance:
And that’s why you see so much spam.
Alex Eckelberry
(Credit to Sunbelt researchers Adam Thomas, Tom Robinson and Nick Suan)