Home > Security News > Spam continues surge as spammers become clever in '07
Security News:
EMAIL THIS LICENSING & REPRINTS

Spam continues surge as spammers become clever in '07

By Robert Westervelt, News Editor
07 Jan 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Spammers continued to send a barrage of unwanted messages in 2007, developing new ways to sneak by antispam software and clog company servers.

Coders are becoming smarter and they're becoming much more difficult to detect.
Alex Shipp,
antivirus technologist, MessageLabs

Security researchers say that as long as spam continues to be a profitable business, the most sophisticated spam filters and other antispam technologies will continue to be thwarted by spam gangs.

Last year saw a growing number of sophisticated messages including image spam, designed to embed a message in the form of an image. Spam campaigns also grew more targeted tricking company executives into clicking links in messages that appeared to be legitimate.

Global spam volumes have doubled this year to 120 billion messages daily, according to Cisco Systems-owned Ironport Systems.

"We thought spammers were Einsteins because they used a different way to package up their message with just one file type," said David Mayer, an Ironport product manager.

As much as 4% of malicious activity also came from addresses from inside Fortune 100 companies, as some employee computers get turned into bots to churn out spam and malicious code, according to Symantec, which also tracks Spam and malware trends.

Spam in the news:
Spam 2.0: New threats and new strategies In the war on spam, new battlefronts are constantly emerging. Learn how security professionals can stay on top of the latest email threats.

Sophisticated spam, employee errors continue unabated: Spam volume continues to climb and grow more dangerous, tricking employees into opening malware laden messages.

Are challenge-response technologies the best way to stop spam? Challenge-response spam technology intercepts incoming emails and sends a challenge to the sender, asking him or her to confirm the message's validity.

Spam crackdown: Bloggers take on the SEC: The Securities and Exchange Commission's crackdown of 35 accused spam pushers is getting a mixed reception by bloggers.

"It's clear that activity is now being pointed toward more commercial type behavior," Zulfikar Ramzan, a senior principal researcher at Symantec.

Symantec's spam figures reflect Ironport's figures, showing a 50% increase in activity over 2006. Ramzan said Symantec also tracked botnets, spam activity, zombies and other internet attacks from within some large enterprises. It's a serious threat, Ramzan said because people using the machines either are not using good computer practices or are doing malicious activity from within the enterprise themselves.

Authorities also began a massive crackdown against spammers in 2007. In May, police arrested Robert Alan Soloway, after years of investigations. He was accused of using botnets to send out millions of spam emails. In all, eight people had been indicted, pleaded guilty or been sentenced for botnet crimes. Spam dipped slightly after his arrest, according to figures provided by Symantec, but any improvements were short lived as spam levels reached and even exceeded levels prior to his arrest.

The FBI launched a second crackdown in November, serving 13 search warrants in the U.S. and by overseas law enforcement partners in connection with the operation.

Botnet sophistication also continued to increase contributing to the rising wave of spam. Alex Shipp, an antivirus technologist for email/IM security vendor, MessageLabs, and told SearchSecurity.com that criminal spam rings are using them to spew malware laced spam.

"Coders are becoming smarter and they're becoming much more difficult to detect," Shipp said.

The family of malware known as Storm, Peacomm and Nuwar morphed in 2007 to be the most resilient and adaptive malicious programs in recent years. Security researchers believe Storm is well into the millions of machines, with some estimates going as high as 50 million infected PCs.

In June, Storm was tweaked to generate PDF files to escape detection from antivirus software and trick employees with emails that look like business letters. The PDF campaign was short lived however, as spammers turned to more profitable methods to dupe employees.

Don't expect any let up in Spam in 2008. Already, Symantec has started seeing the first examples of spam connected to the 2008 Olympics in Beijing, China.

As spammers grow increasingly sophisticated, they will continue to play a cat and mouse game with security vendors, experts say. A technology or method that defeats all spam, is not likely to be a reality in the near future.



Sound Off! -   Be the first to post a message to Sound Off!


Tags: Spam and AntispamPhishingSpyware, Adware and TrojansViruses, Worms and Other MalwareApplication Attacks (Buffer Overflows, Cross-Site Scripting)VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts