Despite the proliferation of anti-spam solutions on the market, spam volume has reached epidemic proportions, writes Dan Hubbard, vice-president of security research at Websense.
According to the Radicati Group, spam accounted for 75 per cent of worldwide e-mail traffic in 2007, with this figure expected to rise to 82 per cent by 2011. Even with low response rates and better spam detection technology, spam continues to be on the rise because unethical marketers and cybercriminals alike acknowledge it as the cheapest method to reach the widest possible audience for lucrative financial gain.
From a security research perspective, Websense Security Labs has seen spammers not only change their techniques across e-mail, but also using other forms of Internet communication. In addition to the traditional method of sending out spam over e-mail, attackers increasingly use web-based spam to post URLs to malicious sites within blogs, forums, in the "talk-back" sections of news sites and on compromised websites. This "link spam" lures traffic to infected websites and helps the purveyor's site sit higher on search engine rankings, thereby increasing the risk that users will visit the compromised site. Earlier this year, Websense found that 65 per cent of all unwanted e-mails contained a link to a malicious website.
Spam has become a global medium for cybercriminals who are combining new techniques, using bot networks and advanced ways of evading traditional spam filters. As we've seen with the Storm writers, the new techniques make it extremely difficult to track and take down the bot networks that are illegally distributing traditional spam and also malware, often designed to steal company or personal information for the financial benefit of the spammer.
In 2007, we also saw spammers increasingly use new media types to reach their targets. In some "pump and dump" stock campaigns, we saw spammers embedding images in PDF files, XLS and text attachments. Some speculate that video spam will be the next frontier as internet users increasingly download video files.
New spam techniques will increasingly extend into voice in 2008, with the vast mobile phone market open to exploitation through 'vishing' for financial gain. The practice of using social engineering and Voice over IP to gain personal information and voice spam will combine and increase. Users will receive automated voice calls on LAN lines with voice spam to lure them to input their details using the telephone.
We also saw resurgence in spamming using hosted data centres. Spammers go to great lengths to avoid having their IP addresses blacklisted by targeting certain regions and organisations with accurate distribution lists and trusted reputations. They register companies, domains, SPF records and corresponding Web sites, and craft e-mails in an attempt to appear legitimate. Typically, the spammer is able to remain globally undetected for up to a month before moving on, often before having to pay any bill for the services used.
To avoid detection by e-mail reputation systems, spammers are deploying bots designed to break CAPTCHAs in order to register accounts on legitimate e-mail hosting services such as Microsoft Live/Hotmail and Gmail. This allowed spammers to send out spam coming from addresses that have "good" reputations.
With spam techniques growing in sophistication, it is becoming more difficult to differentiate e-mail-borne threats from harmless junk e-mail. Accurate and timely detection of spam can only be done by classifying e-mail content along with senders' reputations. Companies may want to use hosted e-mail security services alongside their in-house security systems to keep up with the rapidly changing techniques that spammers employ to evade detection.
This was first published in April 2008