Spam Blockers Losing Ground on Sophisticated Attackers


This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."


The current generation of attacks is focused on getting the victim to take action by clicking on a link to navigate to a malicious website, where the attackers can download Trojans, steal personal information and turn the machine into a zombie. This process is called "multi-stage monetization" (see "And the Bot Goes On," below), as an attacker builds a long-term relationship with the victim to turn the device into a profit-generating bot.

Why does this continue to work? Basically, despite all the news stories, commercials about identity theft and other warnings, there are still enough gullible users. It's why con artists continue to live off variations on the same tricks decade after decade.

They may use timely news topics--"See Britney Spears in the Nude" or "Bin Laden Reported Dead"--that they hope will generate a lot of clicks. Or, they'll send "holiday greetings" attacks in the form of electronic cards to lure you.

The spammers continue to innovate at an astonishing rate; today, the road to email hell tends to run through Google. Spammers' latest ploy is to have Google index their malicious Web sites, then send around links to Google searches--as opposed to direct links to the sites. That's more likely to fool even an educated user.

"If you click the link, which is a legitimate www.google.com link, the result is that you get forwarded by Google directly to the spammer's website," says MessageLabs' Sunner.

This is effective because no Web filters are going to block links directly to Google. To add insult to injury, the bad guys can also get advertising revenue through this attack vector.
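
As an added illustration (not code from the article or from any vendor), the Python sketch below contrasts a hostname-only allowlist with a check that flags search links found in a message body instead of trusting them. The host set, function names, verdict labels and sample message are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts a typical Web filter treats as always safe.
TRUSTED_SEARCH_HOSTS = {"google.com", "www.google.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def _host(url):
    """Lower-cased hostname of a URL, or an empty string if it has none."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def host_only_verdict(url):
    """The weak check: trust a link purely because of the host it names."""
    return "allow" if _host(url) in TRUSTED_SEARCH_HOSTS else "inspect"

def classify_link(url):
    """Treat a search link received in mail as unresolved, not as trusted."""
    if _host(url) not in TRUSTED_SEARCH_HOSTS:
        return "inspect"
    parts = urlsplit(url)
    if parts.path in ("", "/") and not parse_qs(parts.query):
        return "allow"  # plain home page, no sender-chosen query
    # The sender chose the query, so the sender influences the landing page.
    return "flag-search-link"

def scan_message(body):
    """Return (url, weak verdict, stricter verdict) for each link in a body."""
    results = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:)")  # drop trailing sentence punctuation
        results.append((url, host_only_verdict(url), classify_link(url)))
    return results

# Constructed sample message; the URLs are illustrative only.
SAMPLE_BODY = """You have received a holiday greeting card!
View it here: http://www.google.com/search?q=holiday+greeting+ecard.
Our home page: http://www.google.com/
Unsubscribe: http://cards.example.test/unsubscribe
"""

if __name__ == "__main__":
    for row in scan_message(SAMPLE_BODY):
        print(row)
```

A link flagged this way still needs its final landing page checked by whatever reputation or sandboxing step the mail gateway already applies.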

And the Bot Goes On

CLICK HERE for the "multi-stage monetization" process (PDF).

This was first published in June 2008
