
Published 14th August 2008
Marshal TRACE midyear threat report warns 45 per cent of Internet users are at risk from new cyber criminal tactics...
LONDON, 12 August 2008 – Cyber criminals are using ‘blended attacks’ to distribute malware and links to hacked websites via email on an unprecedented scale. Unpatched browsers are putting more than 45 per cent of Internet users at risk when they visit legitimate websites infected with malicious code. Three botnets are responsible for 75 per cent of all spam, pumping out billions of messages every hour through zombie clients and being used to launch mass attacks on websites. These are the key findings of the Marshal Threat Research and Content Engineering (TRACE) report for the first half of 2008.
In an alarming new development, spam sent from webmail accounts that had been created automatically using CAPTCHA-breaking technology was seen to be on the increase, rendering common anti-spam defences such as reputation less effective. CAPTCHA, or Completely Automated Public Turing Test to tell Computers & Humans Apart, was developed by Carnegie Mellon University to prevent spam robots exploiting Web forms.
In a departure from unsolicited messages pushing pharmaceuticals or counterfeit products, TRACE also identified a major increase in spam used to infect computers with Trojan malware. During the same period, many of the most popular websites were found to be hosting malicious software, designed to steal data or add PCs to botnets. The TRACE team identified 1.5 million websites infected by a botnet attack in May 2008.
Marshal’s TRACE team uses a network of bait machines and honey-pot accounts to continuously monitor spam, phishing attacks, botnets and malware, and to identify new tactics employed by spammers and cyber criminals. In the six months ending in June 2008, the TRACE team saw spam volumes double, with the Srizbi botnet identified as the most prolific offender, capable of pushing out 7.8 billion messages an hour. The world’s largest botnet, Srizbi, controls more than 315,000 infected machines sending 50 percent of all spam, followed by the Rustock and Mega-D botnets, generating 14 percent each. Marshal traced 90 percent of all spam to just seven botnets, indicating millions of Trojan-infected computers worldwide. The report notes a reduction in the use of gimmicks such as image spam (down to one percent), with spammers reverting to social engineering to dupe recipients into opening malicious messages, using sensational subject lines relating to the economic crisis or celebrity deaths.
Commenting on this year’s findings, Bradley Anstis, VP Products, Marshal said, “Spammers are moving en masse to the Web and distributing malware on a scale not seen before. Criminals are not bothering to set up their own sites; they are infecting legitimate sites with malicious code. We can no longer rely on traditional URL filtering lists because the ‘safe’ sites may no longer warrant that trust. The use of webmail accounts to send spam makes IP reputation or message header inspection less effective because the spam is generated using Gmail, Yahoo and Hotmail, so the messages will appear to come from legitimate sources. In our view, the use of botnets to launch mass website attacks is the most concerning issue to arise so far in 2008.”
Although phishing represented just 0.5 percent of all spam over the last six months, the TRACE report draws attention to the flaw in the Domain Name System (DNS) identified by security expert Dan Kaminsky in early 2008. The flaw could have been exploited by criminals to redirect Internet users to phishing websites, even if they typed the correct URL into their browser. Microsoft distributed a patch for the flaw on July 8th; however, a patching delay by some ISPs increased the online threat to users.
“We are now in the situation where spam accounts for almost 90 percent of all email and increasingly contains links to infected sites. Companies really need to employ a combination of email security gateways that have anti-spam protection using multiple techniques to block malicious content and Secure Web Gateway products that do not just rely on URL filtering but actually scan the content that end users are downloading and uploading in real-time,” concludes Anstis.
The Marshal TRACE Mid Year 08 report is available at http://www.marshal.com/trace