Top Spam Trends Of 2010 (So Far)

A Wild Six Months

True to form, spammers capitalized on global news and sporting events, such as the Haiti earthquake and the World Cup, to generate enough traffic to achieve a hefty ROI. And, perhaps as expected, spam levels are steadily increasing all over the world. However, 2010 has also had a few surprises, as spammers continue to think of new ways to deliver spam and phishing attacks. Here is a look at some of the most significant trends so far this year.

Spam Boom

Forget the takedown of spam ISP McColo, the arrest of any number of Spam Kings or any other event that promised a drop in spam levels. Spam has officially reached pre-McColo levels as attackers have regrouped, redistributed their domains, and relied on unstoppable global botnets to automate spam distribution. In fact, according to a May Symantec Hosted Services Report, about nine out of 10 sent e-mails are spam -- comprising 90.2 percent of all e-mail messages -- representing a 0.3 percent increase from April. And security experts say that the spam train isn't slowing down any time soon.

USA -- Still No. 1

If there is any place that the USA is still generating exports, it is in the spam arena. Spam sent from the USA accounted for a double-digit share of all global spam, according to Sophos and Symantec's Hosted Services, followed by India, Brazil and the U.K.

The U.S.'s consistent lead is likely due to the fact that it still retains the most network infrastructure, resources and cyber "talent" required to create and support massive spam campaigns. However, congruent with international trends, emerging nations India and Brazil are experiencing rapid growth and are nipping at the heels of U.S. spam production.

Spambots Take It Away

Spambots were responsible for the lion's share of the spam in 2010, accounting for 75 percent of total output, while the top 10 botnets accounted for 89 percent, according to a recent M86 Threat Report. Most spambots are template-driven, receiving updates from their command-and-control server to insert new dates, names, subject lines and spam domains.

The spam-spewing Rustock botnet, with a niche specialty in pharmaceutical spam, was responsible for the largest share of the total global output, comprising a whopping 43 percent. Of its many talents, the notorious malware utilizes a kernel-mode rootkit, inserts random text from Wikipedia queries into spam, and is capable of TLS encryption.

However, other spambots have gained traction in recent months, such as the Mega-D botnet, which captured 10 percent of the spam "market," as well as Festi, at 8 percent and Pushdo, at 6.3 percent, according to the report. While coming in at No. 4, Pushdo has achieved its reputation as a multi-faceted botnet, with a myriad of campaigns. The botnet is a major distributor of malware downloaders and blended threat e-mails, but also sends pharmaceutical, replica, diploma and other types of spam.

Spamming For Carbon

Yes, that's right. Carbon. Like many entrepreneurs, spammers are thinking outside the box these days as the market becomes more competitive and increasingly saturated. According to an Application Security threat report, spammers have seized on the opportunities created with the cap-and-trade program aimed at reducing carbon footprints from large industries. Subsequently, scammers have found new opportunities to leverage this burgeoning trend with spearphishing campaigns directed at executives and decision makers in these industries in an effort to steal carbon credits and then resell them to other companies for a significant amount of money.

And their endeavor seems to be working. Thus far, hackers have attacked more than 2,000 companies with the scam, according to the report.

The Rise Of Spam Trojans

German security company Eleven reported that Trojans accounted for 69 percent of all malware sent by e-mail, indicating that attackers are using spam messages as part of more sophisticated blended threats. Users will typically receive a spam e-mail, encouraging them to submit information or claim money through some sort of social engineering scheme. Attackers will request that the users then click a link embedded in the message, which will often redirect them to an infected site or a spoofed page requesting personal information or login credentials.

Spam Links

It's probably no coincidence then that a Symantec Hosted Services Threat Report indicated that nine out of 10 spam e-mails have some form of hyperlink or URL embedded in the message. Analysis of the domains revealed that some domains were actually legitimate and appeared several times, the top four of which belong to major, well-known social networking, blogging and file-sharing Web sites. Other embedded domains were registered and used within a few days of other short-lived spam campaigns as the malware sites were detected and shut down.

FIFA World Cup Rules

Spam emphasizing the FIFA World Cup zoomed up to record levels beginning in June and ending in July, eventually totaling 25 percent of all global spam, according to Symantec Hosted Services. Perhaps surprisingly, much of the World Cup spam was in actuality pharmaceutical spam that baited unsuspecting users with headlines of the World Cup games. Once opened, malicious code redirected the user's browser to an alternate site that would download malware onto users' computers. Some of the most notable subject lines were "Are English soccer clubs worth buying?," "Football: Real Madrid cut Barca's lead" and "Football Ronaldo winner boosts Real."

Other popular World Cup spam this year has included the classic 419-style schemes, in which scammers tricked users into submitting personal data and credit card information by telling them that they were the recipients of a World Cup lottery or prize. Often this kind of "reward" was coupled with promises of tickets to the coveted games in South Africa, and many couldn't resist an offer that sounded too good to be true. Needless to say, victims who handed over personally identifying or financial information to scammers received neither prize, and likely wound up the victims of identity theft or a malware attack.

Big Pharma

Pharmaceutical spam campaigns just keep getting bigger and bigger. German security company Eleven reported that pharmaceutical spam accounted for 87 percent of all spam e-mail during the first half of 2010. The number rose from 66 percent of all spam in March, reaching 87 percent by May.

Meanwhile, an M86 Security Labs Report maintained that 69 percent of the total pharmaceutical spam was from the Canadian Pharmacy, thanks in part to a monstrous pharmaceutical botnet and creative spammers who resorted to just about any tactic to entice users to open e-mails, including promoting e-mail messages with unrelated subject lines.

Spam Goes Social

Sophos underscored in its 2010 Threat Report that 60 percent of users said that they had experienced spam attacks on social networking sites. And this figure will likely increase as more and more users rely on social networks as their primary means of communicating with colleagues, friends and family. Meanwhile, spammers continue to exploit the inherent trust that users feel on social networks, especially when a spam e-mail is disguised as coming from someone that they know. Attackers have mastered the art of sending spam from spoofed users' profiles in order to entice their victims into opening a link, attachment or message.

Haiti Spam: The Spammers' Charity

Spammers are notorious for capitalizing on global news events, and 2010 was no exception. In January, island nation Haiti was decimated by an earthquake measuring 7.0 on the Richter scale, creating news headlines that continued for months after the event. Of course, spammers were among the first to capitalize on the outpouring of goodwill and generosity from the international community, with myriad scams ranging from phony charities and donation requests to product spam hooking users with a "Haiti" subject line and 419 ploys purporting to come from Haitian refugees. Their tactics worked, and scammers walked away with millions of dollars that could have otherwise gone to the suffering Haitian people.

IRS Spam = Goodbye $$

Tax time scams have always been a favorite of hackers. This tactic was particularly lucrative for hackers, in light of a devastating worldwide economic meltdown that caused users to be even more uneasy when it came to their money and government spending. As expected, IRS spam experienced a sharp uptick around March and April as users prepared to submit their online tax returns or waited impatiently for a refund. One scam included a phony letter from the IRS requesting that users resubmit tax documents that purportedly were never received. Others promised a hefty refund, and asked users to "verify" their bank accounts and Social Security numbers.