The state of Spam and Phishing for July 2009
We have just released our latest State of Spam report, and it shows that spam volumes averaged 89% of messages for July 2009. During the month, image spam continued to show a resurgence and to have an impact, reaching 17% of all spam at one point in July. Click here to download the report.
In addition we have also released our State of Phishing report. We saw a 52% increase in phishing attacks from the previous month. We continue to observe that the majority of the attacking URLs were generated using phishing toolkits, with a 150% increase from the previous month. Click here to download the report.
What Malware can teach Spam
The world of spam shows an ‘ebb and flow’ pattern. New techniques to evade spam filters arrive, drive an increase in spam, the anti-spam tools react to it and the level and effectiveness falls back to a ‘normal’. Google have been commenting that, maybe, the spammers are running out of new and original ideas. The second quarter of 2009 saw a substantial 53 per cent increase in average spam levels from the first quarter. However, Google said in a blog post that many of the new attacks were simple rehashes of attacks that occurred in the past.
We ourselves have noticed in the past few months the reemergence of some old tactics, notably image spam. There is nothing revelatory in the application of old techniques and their refurbishment and use in a new context. This is an area wherein spam and malware show similarities. In the world of malware, if an attack found itself to be successful, we would see it being reused or adapted to extend its usefulness. The ‘Storm’ trojan is a good recent example of this. Every other month, it seemed that there was a ‘new’ variant of it that kept it alive – over two years down the line it was still going. Even ‘Conficker’ morphed and changed over the months to help prolong itself. In terms of old techniques being reused, Conficker borrowed from the worms of the past that made use of floppy disks, and reapplied this in the form of USB thumb drives. So, unfortunately, the world of spam looks to have borrowed some lessons from malware. Twenty years later, we are still fighting malware and fighting more of it than we could ever have imagined.
The bots at the heart of Spam
My colleagues at MessageLabs are reporting that 83% of all spam messages are sent from botnet-infected systems. It has long been understood that one of many uses for botnets is for an infected PC to become a spam relay. The information from MessageLabs is interesting in that it provides data to finally start to size the issue. They also went on to identify the botnets that are responsible for the spam itself. The Cutwail botnet is by far the biggest culprit, accounting for 45% of all botnet spam, with others like Mega-D, Xarvester, Donbot, Grum, and Rustock making up much of the difference.
One other interesting update contained in the report from MessageLabs was that Instant Messaging (IM) continues to carry an increasing number of embedded links that, in turn, lead people to compromised web sites that are hosting malware. At the end of 2008, MessageLabs Intelligence research indicated that 1 in 200 (0.50%) hyperlinks shared over public instant messaging (IM) applications were identified as malicious, i.e. the website harbored some form of malware designed to perform a drive-by attack on a vulnerable web browser or browser plug-in. In June, the same research was conducted again and highlighted that the threat has increased: 1 in 78 (1.28%) hyperlinks were linked to websites that hosted malicious content.
The state of Spam and Phishing reports for May
I thought that you would be interested to learn that in addition to our monthly state of spam report, we have now added a monthly report on Phishing. In May we detected that 42% of phishing URLs were generated using phishing tool-kits. This shows just how prevalent the use of these kits is and how this is helping fuel the automation of these attacks.
Our State of Spam report for May notes the reemergence of image spam during the month, to some 6.5% of all spam (it did climb to 21.9% in one week). One consequence of this is that the average size of a spam message has increased. Therefore, we have the annoyance that not only are there more spam emails (nearly 95% in May), but they are also larger and take up even more valuable internet bandwidth. This link will take you to both reports.
The state of Spam report: March
Symantec has just released the latest State of Spam report; you can find it here. As ever, it makes for interesting reading. The bad news is that spam levels continue to drift upwards, reaching 86%. However, the good news, such as it is, is that it is not at the 90% levels that we saw prior to the McColo takedown at the end of last year. Last month presented a rich opportunity for the spammers, with Valentine’s Day, The Oscars and the on-going bad economic environment: maybe 86% wasn’t too bad a result?
What was noteworthy was the arrival of ‘green spam’. Yes, the spammers are jumping on the going green bandwagon. We are seeing spam that promises to lower your monthly bills by implementing a variety of green initiatives. I suppose we shouldn’t have expected anything less from them.
Twam, Spam, thank you Mam
Twitter is hot at the moment and is taking on a profile and importance that is up there with Facebook, MySpace et al. So, it comes as no surprise at all that the spammers have looked into how they can exploit it. We have grown used to, or is that weary of, email spam. The game then moved on to blogs and the fight against comment spam. Then it was our mobile phones and the rise of SMS-based spam. So, there is no surprise that spam has now made its way to micro-blogging, with the target being Twitter. We now have to mark the arrival of ‘Twam’ and ‘Twammers’. Rich Stennion published an enlightening blog post describing his research into Twitter spam.
Now, the good news is that unlike email, which is open in nature, micro-blogging sites such as Twitter are closed. This means you can protect your updates and screen who will receive them. All you need do is ensure that, in the ‘settings’ and ‘account’ tabs, you check the ‘protect my updates’ box.
Good news: bad news time
We have spent the last week rejoicing that the world was apparently seeing a little less spam, the result of the rogue ISP McColo having been taken offline. Most people were happy to see action being taken, proof positive that even the rogues can be brought to account. And so, we assumed that was an end to McColo.
However, this feel-good factor has now been tempered with the news that McColo was able to reconnect itself to the internet. It turns out that they had negotiated rights to a backup internet connection via TeliaSonera. McColo quickly tried to update their servers over the weekend just past, in the hope that there would be a window of opportunity before the security forces could react and shut them down again, which is what happened.
Now, TeliaSonera have done nothing wrong here, they had acted through a retailer (who did nothing wrong either) who had sold the connection to McColo. What it does point out is that when shutting down rogues like McColo, all the possible approaches that they might employ to reactivate themselves need to be covered off up-front.
Is a response rate of 0.00001% good enough?
Researchers at the University of California, Berkeley and UC, San Diego (UCSD) are reporting that spammers are turning a profit despite only getting one response for every 12.5 million emails sent. That translates itself into a response rate of circa 0.00001%. Most direct mail organisations would set the bar at 2% for a ‘good’ campaign.
There is no particular news in the revelation that the spammers live off of sheer volume of spam email. The researchers here were purporting to be a fake pharmacy, peddling a herbal remedy to boost libido. This is pretty much representative, so it does call into question just how profitable it can be for them? It does bring to the fore the point, that even with spam, the laws of return on investment still apply. With such a low-margin business, they are susceptible to advances in new anti-spam and security software defences, that would render current techniques and campaigns as not worth it to them. Or, so we can but hope.
UCSD used some interesting tactics with their research. They managed to piggy-back on the ‘Storm’ network that uses hijacked home computers as relays for spam. The ethics of this are open to debate, particularly when the researchers added another 469 million spam emails that the world need not necessarily benefit from.
Full details of the Symantec State of Spam report for November can be found here.
The Barack barrage
Today saw Barack Obama win the race for the White House. In the weeks leading up to yesterday’s polling day, we were able to watch how the ‘bad guys’ tried a whole slew of tactics to use the election for their own purposes. In our latest State of Spam report, we identify a couple of Barack Obama themed attacks that were used in October. We got to see a ‘Barackumentary’. Therein, the spammers offered a free DVD about Barack Obama; however, in order to receive the ‘free’ video, recipients were asked to provide personal credit card details to the sender. Regrettably, I am sure we can expect to see a lot of Barack Obama themed exploits in the weeks following his election and in the run-up to his swearing in as the 44th President of the USA.
Now, no sooner have the Beijing Olympics started to pass into memory than we start to see the London 2012 Olympics start to be exploited by the spammers. We detected a lottery scam around London 2012, wherein the recipient is informed they have won £950K. All they need do is contact the ‘paying agent’ and provide details to collect their ‘winnings’. And so, with that, the countdown to London 2012 begins in terms of scams, and socially engineered malware attacks.
The state of Spam – September update
Symantec has released its latest ‘State of Spam’ report for September. As ever, it is a useful and insightful read. The overall percentage of email that we define as spam remains at over 80%. This has been consistent, if not annoying, for some time now. What we have seen increase this month, is the percentage of spam emails that contained links to malware, designed to infect computers with viruses and trojans, rather than simply promoting a spam product.
The spammers plumbed new depths this month. There were emails sent to parents, declaring that they had kidnapped their children and that a ransom must be paid. As proof, they offered an attachment with a photograph of the child. Suffice to say, the attachment is bogus and contains malware. They were hoping that in the panic of getting such an email, a parent would not think and immediately click on the attachment. It is depressing and outrageous in equal measure.
The spammers are also picking on and using the challenging economic and employment climate to peddle their wares. Given the credit crunch and the rising cost of living, many people find themselves considering an additional part-time job to help make ends meet. We detected bogus recruitment ads this past month. The messages purported to come from an employer offering a part-time position, where its compensation included many enticing benefits. To apply for the position, you had to click on a link, which had an executable attached to it, wherein the malware resided.
If you have the time, take a look at the report. It will amaze you as to the audacity of the spammers and reinforce the scepticism you need when reading through your email.

