Despite the proliferation of anti-spam solutions on the
market, spam volume has reached epidemic proportions, writes
Dan Hubbard, vice-president of security research atWebsense.
According to the Radicati
Group, spam accounted for 75 per cent of worldwide e-mail
traffic in 2007, with this figure expected to rise to 82 per cent
by 2011. Even with low response rates and better spam detection
technology, spam continues to be on the rise because unethical
marketers and cybercriminals alike acknowledge it as the cheapest
method to reach the widest possible audience for lucrative
financial gain.
From a security research perspective, Websense Security Labs has
seen spammers not only change their techniques across e-mail, but
also using other forms of Internet communication. In addition to
the traditional method of sending out spam over e-mail, attackers
increasingly use web-based spam to post URLs to malicious sites
within blogs, forums, in the "talk-back" sections of news sites and
on compromised websites. This "link spam" lures traffic to infected
websites and helps the purveyor's site sit higher on search engine
rankings, thereby increasing the risk that users will visit the
compromised site. Earlier this year, Websense found that 65 per
cent of all unwanted e-mails contained a link to a malicious
website.
Spam has become a global medium for cybercriminals who are
combining new techniques, using bot networks and advanced ways of
evading traditional spam filters. As we've seen with the
Storm writers, the new techniques make it extremely difficult
to track and take down the bot networks that are illegally
distributing traditional spam and also malware, often designed to
steal company or personal information for the financial benefit of
the spammer.
In 2007, we also saw spammers increasingly use new media types
to reach their targets. In some "pump and dump" stock campaigns, we
saw spammers embedding images in PDF files, XLS and text
attachments. Some speculate that video spam will be the next
frontier as internet users increasingly download video files.
New spam techniques will increasingly extend into voice in 2008,
with the vast mobile phone market open to exploitation through
'vishing' for financial gain. The practice of using social
engineering and Voice over IP to gain personal information and
voice spam will combine and increase. Users will receive automated
voice calls on LAN lines with voice spam to lure them to input
their details using the telephone.
We also saw resurgence in spamming using hosted data centres.
Spammers go to great lengths to avoid having their IP addresses
blacklisted by targeting certain regions and organisations with
accurate distribution lists and trusted reputations. They register
companies, domains, SPF records and corresponding Web sites, and
craft e-mails in an attempt to appear legitimate. Typically, the
spammer is able to remain globally undetected for up to a month
before moving on, often before having to pay any bill for the
services used.
To avoid detection by e-mail reputation systems, spammers are
deploying bots designed to break
CAPTCHAs in order to register
accounts on legitimate e-mail hosting services such as Microsoft
Live/Hotmail and Gmail. This allowed spammers to send out spam
coming from addresses that have "good" reputations.
With spam techniques growing in sophistication, it is becoming
more difficult to differentiate e-mail-borne threats from harmless
junk e-mail. Accurate and timely detection of spam can only be done
by classifying e-mail content along with senders' reputations.
Companies may want to use hosted e-mail security services alongside
their in-house security systems to keep up with the rapidly
changing techniques that spammers employ to evade detection.
>>
Computer Weekly Infosecurity show guide and preview