Spam continues surge as spammers become clever in '07

By Robert Westervelt, News Editor 07 Jan 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Spammers continued to send a barrage of unwanted messages in 2007, developing new ways to sneak by antispam software and clog company servers.

Coders are becoming smarter and they're becoming much more difficult to detect. Alex Shipp, antivirus technologist, MessageLabs

Security researchers say that as long as spam continues to be a profitable business, the most sophisticated spam filters and other antispam technologies will continue to be thwarted by spam gangs.

Last year saw a growing number of sophisticated messages including image spam, designed to embed a message in the form of an image. Spam campaigns also grew more targeted tricking company executives into clicking links in messages that appeared to be legitimate.

Global spam volumes have doubled this year to 120 billion messages daily, according to Cisco Systems-owned Ironport Systems.

"We thought spammers were Einsteins because they used a different way to package up their message with just one file type," said David Mayer, an Ironport product manager.

As much as 4% of malicious activity also came from addresses from inside Fortune 100 companies, as some employee computers get turned into bots to churn out spam and malicious code, according to Symantec, which also tracks Spam and malware trends.

Spam in the news: Spam 2.0: New threats and new strategies In the war on spam, new battlefronts are constantly emerging. Learn how security professionals can stay on top of the latest email threats. Sophisticated spam, employee errors continue unabated: Spam volume continues to climb and grow more dangerous, tricking employees into opening malware laden messages. Are challenge-response technologies the best way to stop spam? Challenge-response spam technology intercepts incoming emails and sends a challenge to the sender, asking him or her to confirm the message's validity. Spam crackdown: Bloggers take on the SEC: The Securities and Exchange Commission's crackdown of 35 accused spam pushers is getting a mixed reception by bloggers.

"It's clear that activity is now being pointed toward more commercial type behavior," Zulfikar Ramzan, a senior principal researcher at Symantec.

Symantec's spam figures reflect Ironport's figures, showing a 50% increase in activity over 2006. Ramzan said Symantec also tracked botnets, spam activity, zombies and other internet attacks from within some large enterprises. It's a serious threat, Ramzan said because people using the machines either are not using good computer practices or are doing malicious activity from within the enterprise themselves.

Authorities also began a massive crackdown against spammers in 2007. In May, police arrested Robert Alan Soloway, after years of investigations. He was accused of using botnets to send out millions of spam emails. In all, eight people had been indicted, pleaded guilty or been sentenced for botnet crimes. Spam dipped slightly after his arrest, according to figures provided by Symantec, but any improvements were short lived as spam levels reached and even exceeded levels prior to his arrest.

The FBI launched a second crackdown in November, serving 13 search warrants in the U.S. and by overseas law enforcement partners in connection with the operation.

Botnet sophistication also continued to increase contributing to the rising wave of spam. Alex Shipp, an antivirus technologist for email/IM security vendor, MessageLabs, and told SearchSecurity.com that criminal spam rings are using them to spew malware laced spam.

"Coders are becoming smarter and they're becoming much more difficult to detect," Shipp said.

The family of malware known as Storm, Peacomm and Nuwar morphed in 2007 to be the most resilient and adaptive malicious programs in recent years. Security researchers believe Storm is well into the millions of machines, with some estimates going as high as 50 million infected PCs.

In June, Storm was tweaked to generate PDF files to escape detection from antivirus software and trick employees with emails that look like business letters. The PDF campaign was short lived however, as spammers turned to more profitable methods to dupe employees.

Don't expect any let up in Spam in 2008. Already, Symantec has started seeing the first examples of spam connected to the 2008 Olympics in Beijing, China.

As spammers grow increasingly sophisticated, they will continue to play a cat and mouse game with security vendors, experts say. A technology or method that defeats all spam, is not likely to be a reality in the near future.

Tags: Malware, Viruses, Trojans and Spyware,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches SSH key compromise shuts down Apache website IBM finds sharp spike in malicious content on trusted sites Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Email and Messaging Threats (spam, phishing, instant messaging) Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Phishing attacks to remain a major problem, say security experts Barracuda acquires Purewire expanding Web security reach FBI raids phishing crime ring, nearly 100 arrested Massive phishing scheme affects Microsoft Hotmail accounts Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary