Spam levels are down slightly in 2008, but Web-based attacks are skyrocketing, fueled by attackers defeating websites and tricking users of social networks, according to an annual report released by Symantec's MessageLabs.
MessageLabs, a managed messaging security services provider that tracks spam, phishing and Web-based attacks, said the annual average spam rate was 81.2% in 2008, a decline of 3.4% from a year ago.
Nearly all the spam is being distributed by botnets. Paul Wood, a senior analyst for MessageLabs, said the spam decline can be attributed to two events: the de-accreditation of EstDomains, an ISP suspected by many to be hosting the command-and-control channels for botnets, and the shutdown of McColo Corp., which was known to be a hosting provider for spammers and malware pushers. The Srizbi botnet, which was responsible for 50% of all spam globally, was affected immediately, Wood said.
"Although Srizbi still existed, it was unable to connect to its command and control channel," he said. "Rival botnets have been taking up the slack but they haven't reached the same level they were at before."
Although Srizbi hasn't returned to its normal level of activity, Wood said it was designed to stay active and will likely find alternative hosting, bringing the volume of spam back to previous levels.
"The operations that were disrupted really as a result of community action, but it's a lot of work," Wood said.
More alarming is the use of complex Web-based malware to infiltrate social networks and target flaws in legitimate websites. The daily number of new websites containing malware rose from 1,068 in January to its peak at 5,424 in November, MessageLabs noted in its report. Attackers are turning to social networks to design extremely targeted social engineering attacks, Wood said. Spammers and phishers set up fake profiles to try to draw fake friend requests and then begin harvesting information they can use before making their move, he said.
"If they know your background and the contacts you have they could take advantage of that in their communications and so far it's been extremely successful for them," he said.
A Canadian man was recently ordered to pay $873 million in damages to Facebook for hacking into the profiles of its members and using his companies to spam them with sexually explicit messages.
SQL injection attacks also fueled the increase. The average number of new malicious websites blocked each day rose to 2,290 in 2008 compared with 1,253 for 2007, an increase of nearly 83%, MessageLabs said. The increase can at least be partially attributed to the strength of the Asprox botnet.
Asprox was designed for phishing scams, but its owners tweaked it, adding code that makes it target vulnerable websites, Wood said. Asprox tries to exploit a flaw in the website and then injects malicious code into the database behind the website. When victims land on a compromised website, they don't realize malicious code is being loaded via their browser, spreading the botnet.
"These are not necessarily dodgy websites," Wood said. "It's usually JavaScript that tries to target a vulnerable browser in various ways, the computer gets compromised, they become part of the botnet and the trend continues."
MessageLabs, which has been tracking spam volumes and noting phishing and malware trends since 2005, said it will continue to release reports on the threat landscape. Symantec acquired MessageLabs in October. The acquisition was completed on Nov. 14.