Spam continues surge as spammers become clever in '07

By Robert Westervelt, News Editor 07 Jan 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Spammers continued to send a barrage of unwanted messages in 2007, developing new ways to sneak by antispam software and clog company servers.

Coders are becoming smarter and they're becoming much more difficult to detect. Alex Shipp, antivirus technologist, MessageLabs

Security researchers say that as long as spam continues to be a profitable business, the most sophisticated spam filters and other antispam technologies will continue to be thwarted by spam gangs.

Last year saw a growing number of sophisticated messages including image spam, designed to embed a message in the form of an image. Spam campaigns also grew more targeted tricking company executives into clicking links in messages that appeared to be legitimate.

Global spam volumes have doubled this year to 120 billion messages daily, according to Cisco Systems-owned Ironport Systems.

"We thought spammers were Einsteins because they used a different way to package up their message with just one file type," said David Mayer, an Ironport product manager.

As much as 4% of malicious activity also came from addresses from inside Fortune 100 companies, as some employee computers get turned into bots to churn out spam and malicious code, according to Symantec, which also tracks Spam and malware trends.

Spam in the news: Spam 2.0: New threats and new strategies In the war on spam, new battlefronts are constantly emerging. Learn how security professionals can stay on top of the latest email threats. Sophisticated spam, employee errors continue unabated: Spam volume continues to climb and grow more dangerous, tricking employees into opening malware laden messages. Are challenge-response technologies the best way to stop spam? Challenge-response spam technology intercepts incoming emails and sends a challenge to the sender, asking him or her to confirm the message's validity. Spam crackdown: Bloggers take on the SEC: The Securities and Exchange Commission's crackdown of 35 accused spam pushers is getting a mixed reception by bloggers.

"It's clear that activity is now being pointed toward more commercial type behavior," Zulfikar Ramzan, a senior principal researcher at Symantec.

Symantec's spam figures reflect Ironport's figures, showing a 50% increase in activity over 2006. Ramzan said Symantec also tracked botnets, spam activity, zombies and other internet attacks from within some large enterprises. It's a serious threat, Ramzan said because people using the machines either are not using good computer practices or are doing malicious activity from within the enterprise themselves.

Authorities also began a massive crackdown against spammers in 2007. In May, police arrested Robert Alan Soloway, after years of investigations. He was accused of using botnets to send out millions of spam emails. In all, eight people had been indicted, pleaded guilty or been sentenced for botnet crimes. Spam dipped slightly after his arrest, according to figures provided by Symantec, but any improvements were short lived as spam levels reached and even exceeded levels prior to his arrest.

The FBI launched a second crackdown in November, serving 13 search warrants in the U.S. and by overseas law enforcement partners in connection with the operation.

Botnet sophistication also continued to increase contributing to the rising wave of spam. Alex Shipp, an antivirus technologist for email/IM security vendor, MessageLabs, and told SearchSecurity.com that criminal spam rings are using them to spew malware laced spam.

"Coders are becoming smarter and they're becoming much more difficult to detect," Shipp said.

The family of malware known as Storm, Peacomm and Nuwar morphed in 2007 to be the most resilient and adaptive malicious programs in recent years. Security researchers believe Storm is well into the millions of machines, with some estimates going as high as 50 million infected PCs.

In June, Storm was tweaked to generate PDF files to escape detection from antivirus software and trick employees with emails that look like business letters. The PDF campaign was short lived however, as spammers turned to more profitable methods to dupe employees.

Don't expect any let up in Spam in 2008. Already, Symantec has started seeing the first examples of spam connected to the 2008 Olympics in Beijing, China.

As spammers grow increasingly sophisticated, they will continue to play a cat and mouse game with security vendors, experts say. A technology or method that defeats all spam, is not likely to be a reality in the near future.

Tags: Malware, Viruses, Trojans and Spyware,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware When BIOS updates become malware attacks Antispyware buying guide for Indian enterprises PCI compliance requirement 5: Antivirus Hacker attack techniques and tactics: Understanding hacking strategies Rootkit Hunter demo: Detect and remove Linux rootkits Botnet threats and countermeasures Conficker worm much smaller than feared New Conficker variant has ties to Storm botnet Conficker leaves security industry looking clueless Conficker updates with no problems reported Application Attacks (Buffer Overflows, Cross-Site Scripting) Month of Twitter Bugs project to document Twitter flaws Adobe issues first quarterly patch release fixing 13 flaws Balancing security and performance: Protecting layer 7 on the network Adobe issues Reader update fixing zero-day flaw The Pipe Dream of No More Free Bugs Security Squad: Federal cybersecurity defenses Oracle issues 43 updates, fixes serious database flaws Attackers target new Microsoft PowerPoint zero-day flaw How to detect input validation errors and vulnerabilities Vulnerability test methods for application security assessments Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Email and Messaging Threats (spam, phishing, instant messaging) Chained Exploits: How to prevent phishing attacks from corporate spies 3FN.net ISP shutdown interrupts spam campaigns Swine flu outbreak results in spam pandemic What does 'invoked by uid 78' mean? Economy fuels malware, spam Internet Explorer 8 includes a bevy of security features Adobe JBIG2 exploits being spammed, IBM warns Fierce competition prompted new Cisco email security options Cisco brings email security appliances closer to SaaS Cisco offers more email security choices, but lacks vision Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Zotob  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary