Malicious spam soars to new level

By Ron Condon, UK Bureau Chief 20 Aug 2008 | SearchSecurity.co.uk

Security UK News Digg This!     StumbleUpon     Del.icio.us

According to new figures from email security firm Marshal Inc, around 30 percent of all spam now comes loaded with some kind of link to malware, marking a dramatic increase in the last few months.

According to Marshal's vice president of products, Bradley Anstis, the operators of botnets are facing an increasingly competitive environment, with the going rate for spammers to send a million spam messages now down to as little as US$5 to $10.

"Service revenues from the botnets are down. So now if they're sending an email message out, they feel they might as well throw some malware in there as well in order to extend their botnet," Anstis says. This type of message usually includes the URL of an infected website, which the recipient of the message is invited to visit.

In its latest half-yearly report on the state of spam, Marshal reports that spam volumes doubled in the year ending June 30 2008, and product spam – which pushes merchandise like replica watches and fake designer accessories - rose significantly, challenging the supremacy of health-related 'pills' spam

Anstis says the whole botnet infrastructure changed last year. "Before…the spammers had their own T1 lines and pumped out their messages. Now they hire capacity from the botnet herders," he says.

The biggest botnets are now run as professional businesses offering service-level agreements and 24-hour support lines. "But you won't find them in the phone book," he says. "You need first to be vetted. They are paranoid about getting busted open by the authorities. The process happens through online forums, where clients have to prove their worth before they can be admitted."

According to Marshal, the bulk of the business rests with a few people. The company found that 75 percent of spam came from just three botnets, and the top seven spamming botnets were responsible for 90 percent of all spam.

Despite the general perception that response rates on product spam are low, Marshal discovered recently, in an online poll of 622 Internet users, that 29.1 per cent of respondents admitted to buying products in response to a spam message. The most commonly purchased items included sexual enhancement pills, software, pornography and luxury items, such as watches, jewellery and clothing.

Most of the malicious spam messages take a different tack, however, and try to send the user to an infected website. Such messages contain subject lines like "Homeless man wins lottery," "Angelina Jolie dies in plane crash," or most recently, "Journalists shot in Georgia".

Once the user goes to the site, the spambot code can be downloaded on to their machine, from where it can make contact with a control server. It then downloads a spam template and a list of email addresses and begins sending out messages without the user's knowledge.

Anstis blames the ISPs for much of the continued success of the spammers. "They are basically making money out of spam, which is pretty frustrating for us. ISPs should be doing more," he says. "ISPs don't all play to the same rulebook. For instance, where we see phishing websites or spoof websites, it can take days to get them taken down."

The anti-spam group, the Spamhaus Project, agrees. On its website (www,spamhaus.org), the group does not mince its words: "Spam continues to plague the Internet because a small number of large Internet Service Providers sell service knowingly to professional spammers for profit, or do nothing to prevent spammers operating from their networks."

The Spamhaus group then goes on to name the top 10 worst culprits. The list of providers is headed by iPlan Inc. of Argentina. France Telecom Inc. was recognized fifth, and the UK-based SkyVision Inc. took the 10th position.

Tags: Email and Instant Messaging Security,  Endpoint and NAC Protection,  Threat and Vulnerability Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Email and Instant Messaging Security Websense integrated security system aims to simplify security management Preventing phishing attacks: Enterprise best practices Chinese hacker attacks target Google Gmail accounts, top tech firms PDF attack code complicates security analysis, skirts detection Understand role-based access control in Microsoft Exchange 2010 Yahoo login credentials at risk to hijacking attack Top spammer gets four years in jail for stock fraud scheme M86 buys Web security gateway vendor Finjan Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Endpoint and NAC Protection How to prevent iPhone spying: mobile phone management tips Considering two-factor authentication? Do cost, risk analysis Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Voice data security risks on the rise, say experts The value of booting from a VHD in Windows 7 Thin-client technologies surge thanks to easier security, says Deloitte A closer look at Internet Explorer 8 security features USB drive security best practices and processes First step in forensics: Create a bootable Windows environment CD Protecting enterprise networks from new mobile application downloads Threat and Vulnerability Management Zeus botnet temporarily disrupted, but back in full force Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Computer Misuse Act 1990  (SearchSecurityUK.com) Regulation of Investigatory Powers Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary