
Spammers Get Smarter By The Second

By Stefanie Hoffman, CRN
April 09, 2010    11:11 AM ET


In November 2008, a curious thing happened. Spam levels plummeted from record highs to almost nothing after ISP McColo was taken offline by its upstream providers, giving users a welcome relief from junk mail as well as reason to question whether spam levels would ever go back to what they once were. Guess what happened?

Since McColo's demise, spam levels have not only skyrocketed, they are more dangerous than ever, rising to previous levels of millions of messages per day and filling inboxes, eating up bandwidth and distributing malware.

As they have for years, computer users are still falling for myriad 419 and product scams.

Experts say that the biggest spam trend in the foreseeable future is sheer volume. According to a Symantec State of Spam report, spam levels rose 5.5 percent from January to February, representing almost 90 percent of all e-mail messages on any given day. Meanwhile, a February M86 Security Labs report notes that the volume of malicious spam has reached 3 billion messages per day, compared with 600 million messages per day in the first half of 2009. And current spam levels are expected to grow as spammers develop automation technologies and spam engines become more powerful in an attempt to overcome equally powerful spam filtering devices and services, experts say.

That exponential increase ultimately causes untold headaches for IT administrators, who are required to manage the spam volumes, meticulously scan logs and then chase down crucial e-mails that get trapped in spam filters. "What businesspeople are more tuned into is the amount of time they waste fooling with it," said Jim Freeman, principal and CFO of Englewood, Colo.-based Attain Technologies, a Microsoft partner.

But in addition to volume, spam now represents an even bigger security threat for businesses -- as the primary vector used to deliver malware. Spam is often used as the initial hook in what are known as blended threats, which combine identity requests such as fake logins or applications, along with an embedded link directing users to a malicious site or video codec or -- although less frequently -- an infected attachment.

Nowadays, the vast majority of spam is driven by botnets -- such as the notorious spam-spewer Cutwail -- which become exponentially bigger as they infect more computers into the spam network. Subsequently, spam is emitted in surges, causing it to spike upward in short, erratic bursts rather than a steady incline with each campaign. "[Botnets are] getting more horsepower behind them," said Derek Manky, cybersecurity and threat researcher at Fortinet's FortiGuard Global Security. "They also seed themselves. They send out a virus in a spam e-mail so they can grow their botnet."

Some of the biggest money-making spam campaigns continue to be the massive pharmaceutical scams -- which now account for 65 percent of all spam, according to Symantec -- as well as fake antivirus downloads and work-from-home ads, driven by spam bots Cutwail, Zeus and others.

Experts say that spam campaigns have become, and will continue to become, more targeted and focused in 2010 as spammers, like the rest of the corporate world, find ways to increase their return on investment in a weak global economy. In general, experts say, traditional phishing campaigns are highly permutated -- lasting anywhere from a few hours to a few days -- due, in part, to the immediacy and timeliness of high-profile news items and calendar events used to lure victims, such as holidays, international conflicts, celebrity deaths and natural disasters.

"They do their homework," said Tim Flood, vice president of engineering at Red Condor. "And they're extremely well funded."

Not coincidentally, spammers are becoming more technologically sophisticated, developing well-engineered and legitimate-looking attacks. Consequently, spearphishing -- attacks that target executives or administrators with highly individualized messages -- has become more personal and more localized, experts say. Spam campaigns are delivered in native languages, not just grammatically incorrect English, while phishing messages have become more personal, often including references to friends or local businesses and organizations, in an attempt to get the victim to trust the sender enough to respond or click on malicious links embedded in a message. A February Symantec State of Spam report indicates a 16 percent increase in phishing attacks from January, and experts say those numbers are trending upward.

"As people get used to the Nigerian prince oil-payout story, the scammers find alternative ways that seem less out of the ordinary," said Angelos Kottas, principal product manager for Symantec's Brightmail. "Instead of being far-fetched scenarios, they're picking scenarios that can fool a more savvy user."

Experts also say that spammers will be going after the smaller businesses -- such as credit unions or doctor's offices -- which often have fewer resources and defensive layers protecting critical data.

And they are going after high-payout targets. As exhibited most recently in the January Google Aurora attacks, the price of the bounty has increased from just a year ago, while the value of customers' credit card information and Social Security numbers has significantly decreased on the black market to pennies on the dollar. This has compelled spammers and phishers to go after more lucrative payloads, such as intellectual property and other classified information.

"It's a core business issue," said Satnam Narang, threat analyst for M86 Security Labs. "We're seeing a lot of people concerned about it, and that's driving security at a lot of different levels."

But one of the biggest vectors for spam in 2010 will likely not be e-mail but social networking sites, which are becoming the gateway to the most malicious and widespread attacks, experts say.

"Spammers can try to get your personal information using Facebook as a cover, typically in a phishing message, or they can simply ask for Facebook login information," said Eric Park, Symantec abuse desk analyst. "These guys are so sophisticated even a more savvy group of users may fall for it."

The social networking giant Facebook became a prime target for spammers in fall 2009, when a massive blended-threat spam campaign took users to a spoofed Facebook login page and then prompted them to download "updatetool.exe," which turned out to be a Zbot Trojan variant, according to a Red Condor white paper. And these types of attacks are just the tip of the iceberg now that Facebook has exceeded 400 million users, experts say.

"Individuals have to worry about what shows up in their in-box," added Red Condor's Flood. "What has historically been a nuisance has really become a serious threat."
