Anti-Bot-net Protection: Our recently introduced advanced bot-net protection continues to perform well against the growing number of bot-net attacks. We've observed that bot-net generated spam now comprises over 20% of the spam traffic, and on April 14, a single powerful attack accounted for 46% of all spam volume.

This graph shows the actual bot-net activity patterns. Spammers try to take advantage of the reactive nature of most spam protections by attacking with maximum volume when defenses are low.

Advanced Anti-virus Heuristics: In January, we completed the release of advanced anti-virus heuristics that specifically targeted zero-hour attacks (the period of vulnerability between a new virus in the wild and release of the anti-virus signature file). If the bot-net protection identifies a suspicious message, the anti-virus heuristics also scan the message for zero-hour viruses.

We've observed a number of attacks in which the anti-virus heuristics successfully identified viruses. For example, the anti-virus heuristics identified a viral message pattern -- later identified as a new strain of the Spy Agent Downloader ( http://vil.nai.com/vil/content/v_141846.htm ) -- in the wild at 11:12 AM GMT. At 2:50 PM GMT, when the volumes had grown dramatically, we received the new virus signature file from one of the anti-virus engines. 

Filter Updates: We continue to update filters to combat spammers’ tactics. Attacks blocked include new variations of pharmaceutical and automotive scams, penny stock ploys (ZYTO Corp), and numerous phishing attacks.

Spam Traffic Trends: Spam levels continue to remain high, and April 23rd brought a record level of spam for the year, with the 194 spam messages per user per day. With such high spam volume, organizations with in-house solutions require equally high capacity to handle the load. Since spikes in spam can happen overnight, we must carry precautionary -- but generally unused—capacity to avoid a meltdown.