
Spam declines, Web-based attacks rise, says MessageLabs

By Robert Westervelt, News Editor
04 Dec 2008 | SearchSecurity.com


Spam levels are down slightly in 2008, but Web-based attacks are skyrocketing, fueled by attackers compromising websites and tricking users of social networks, according to an annual report released by Symantec's MessageLabs.


MessageLabs, a managed messaging security services provider that tracks spam, phishing and Web-based attacks, said the annual average spam rate was 81.2% in 2008, a decline of 3.4% from a year ago.

Nearly all the spam is being distributed by botnets. Paul Wood, a senior analyst for MessageLabs, said the spam decline can be attributed to the de-accreditation of EstDomains, an ISP suspected by many to be hosting the command and control channels for botnets, and the shutdown of McColo Corp., which was known to be a hosting provider for spammers and malware pushers. The Srizbi botnet, which was responsible for 50% of all spam globally, was affected immediately, Wood said.

"Although Srizbi still existed, it was unable to connect to its command and control channel," he said. "Rival botnets have been taking up the slack but they haven't reached the same level they were at before."


Although Srizbi hasn't returned to its normal level of activity, Wood said it was designed to stay active and will likely find alternative hosting, bringing the volume of spam back to previous levels.

"The operations that were disrupted really as a result of community action, but it's a lot of work," Wood said.

More alarming is the use of complex Web-based malware to infiltrate social networks and target flaws in legitimate websites. The daily number of new websites containing malware rose from 1,068 in January to its peak at 5,424 in November, MessageLabs noted in its report. Attackers are turning to social networks to design extremely targeted social engineering attacks, Wood said. Spammers and phishers set up fake profiles to try to draw fake friend requests and then begin harvesting information they can use before making their move, he said.

"If they know your background and the contacts you have they could take advantage of that in their communications and so far it's been extremely successful for them," he said.

A Canadian man was recently ordered to pay $873 million in damages to Facebook for hacking into the profiles of its members and using his companies to spam them with sexually explicit messages.

SQL injection attacks also fueled the increase. The average number of new malicious websites blocked each day rose to 2,290 in 2008 compared with 1,253 for 2007, an increase of nearly 83%, MessageLabs said. The increase can at least be partially attributed to the strength of the Asprox botnet.

The Asprox botnet was designed for phishing scams, but its owners tweaked it, adding code that makes it target vulnerable websites, Wood said. Asprox tries to exploit a flaw in the website and then injects malicious code into the database behind the website. When victims land on a compromised website, they don't realize malicious code is being loaded via their browser, spreading the botnet.


"These are not necessarily dodgy websites," Wood said. "It's usually JavaScript that tries to target a vulnerable browser in various ways, the computer gets compromised, they become part of the botnet and the trend continues."

MessageLabs, which has been tracking spam volumes and noting phishing and malware trends since 2005, said it will continue to release reports on the threat landscape. Symantec acquired MessageLabs in October. The acquisition was completed on Nov. 14.


