News Stay informed about the latest enterprise technology news and product updates.

Spam levels surge to unprecedented levels

Attackers are using stealth malware and infected images to send spam levels through the roof, according to reports from Postini and Sophos.

No, you're not imagining things. You have been getting a lot of spam lately.

This is an all-time high, and it shows that spammers are increasingly aggressive and sophisticated in their techniques.
Daniel Druker,
executive vice president of marketingPostini Inc.

That's because digital miscreants are using contaminated images and stealthy malware to unleash unsolicited email at unprecedented levels, according to new research from San Carlos, Calif.-based Postini Inc. and UK-based Sophos. Attackers use these tactics to hijack computers and turn them into spam relays, often without the user's knowledge.

"Bot activity is the major driver here," said Daniel Druker, Postini's executive vice president of marketing. "Bot-infected machines become part of these zombie PC armies that are used to push out spam."

Postini has watched spam levels spike by nearly 60% in the last eight weeks, and Druker said 91% of all email is now spam. Over the past 12 months, the daily volume of spam rose by 120%, he added. Postini monitors 10 million users across 36,000 businesses worldwide. Of that number, the average user gets seven wanted emails a day, while Postini blocks 77 unwanted emails a day.

"That's for the average user," he said. "This is an all-time high, and it shows that spammers are increasingly aggressive and sophisticated in their techniques."

Postini has tracked more than a million bot-infected computers that coordinate spam and malware attacks each day. About 50,000 of these machines are active at any given moment, Druker said.

Spam attacks:
Image spam paints a troubling picture

Thwarting spam from the inside and the outside

Enterprise-level spam filters

Security Blog Log: Confessions of a spam gangsta

Quiz: Canning spam

He added that spammers are also continuously evolving their tactics. Spam that includes contaminated images and Microsoft Office documents now account for as much as 30% of all junk messages, up from 2% in 2005.

"Hackers now use techniques such as rearranging as many as 25 tiny images into a message in an HTML email or using animated .gif attachments to bypass optical character recognition technology in an effort to bypass email security systems," Druker said.

The company also found that spam surges are almost always tied to malware outbreaks. "A few weeks after a virus outbreak we see a big up tick in spam," he said.

The overall nature of spam has also changed, he said. Spam used to be the product of annoying but relatively harmless marketers. Now it's being produced by organized criminal operations.

"The economics are clearly in favor of the bad guys because it costs nothing to make a virus and spam run. But for businesses it's very costly," Druker said. "Spam isn't just clogging email servers. It's coming embedded with malicious links that can be used to infect the network. Phishing and other fraud is a huge factor -- spamming out URLS that could be used to steal your personal data or infect your machine."

Sophos Senior Technology Consultant Graham Cluley agreed with that assessment.

"The sheer number of compromised PCs means that the amount of spam flying about the net is higher than ever," Cluley said.

The increased use of image spam is particularly bad, he said, because antispam filters still struggle to identify and stop it.

For the third quarter of 2006, Cluley said the top five spam-relaying countries were:

  • United States, 21.6%
  • China, 13.4%
  • France, 6.3%
  • South Korea, 6.3%
  • Spain, 5.8%

Sophos concluded that a possible reason for America's increasing lead in relayed spam when compared to its closest rival, China, is the emergence of over 300 strains of the mass-spammed Stratio worm. The worm, also known as Stration and Warezov, "uses a trick dependent on the victim being able to speak English in its attempt to convert innocent PCs into members of a spam botnet," Sophos said on its Web site.

The use of spam containing embedded images currently accounts for nearly 40% of all spam, by Sophos' count. The vast majority of that type of spam is being used in "pump-and-dump" stock spam campaigns.

"This trick gives spammers a better chance of having their messages read, since images can avoid detection by those antispam filters that can only analyze textual content," Sophos said. "Often, image spam is animated to further help the message bypass the filter. Having multiple layers of images loaded on top of each other adds noise, which complicates the message by making every one unique."

Dig Deeper on Email and Messaging Threats-Information Security Threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.