
Report: Spam Dominates E-Mail, Grows 14 Percent in 2010

The volume of e-mail and Web threats continues to increase, and United States-based servers are hosting more than twice as much malicious code as the next two contenders combined, according to the latest security report from M86 Security, which sells security software. The report, which covers the first half of 2010, noted several trends: Spammers are trying out new developments to circumvent security controls and using increasingly sophisticated attacks; spam and mass Web site infections continue to be huge problems; and many of the exploits take advantage of legacy software vulnerabilities that have long been patched by the vendors but not necessarily by users.

Based on M86 research, the volume of spam has grown by 14 percent in the first six months of 2010, totaling about 88 percent of all inbound e-mail to organizations. However, just five botnets are responsible for three-quarters of that spam. Aside from consuming network resources, this spam is the primary means for distributing and advertising malware, the authors explained.

Two bots, in particular, generate more than half of that spam. The top one is Rustock, which produces 43 percent of all spam. Coming in second is Mega-D, which generates 10 percent. Both are template driven, according to M86, which allows them to "generate variety" to avoid quick detection by filtering programs; the spam-sending component periodically contacts a control server for a new spam template. The goal of both forms of spam is to promote cheap drugs and pharmacies online--a category that dominates, making up nearly 81 percent of all spam.

As reported previously by the company, botnet operators sign up for affiliate programs and take a cut of every sale generated by their spam. In fact, M86 recommends that the efforts to limit spam by taking down rogue ISPs be redirected to targeting Canadian Pharmacy specifically, which pays a hefty referral fee for successful transactions. This brand generates 67 percent of all spam and is the same one promoted through Rustock and Mega-D. Taking down Canadian Pharmacy, said the report's authors, "might make a bigger impact on spam than targeting the ISPs."

Interestingly, contrary to popular belief, China and Russia don't host most of the malicious code driving bots. That dubious feat, according to M86, is held by the United States, which hosts 43 percent of all malicious code (versus 14 percent for China and four percent for Russia).

The report also offered an interesting explanation about how the coordinated attacks that recently struck Google, Adobe, and Juniper worked by exploiting the built-in trust among friends on social networks. "The perfect example of such an attack is Operation Aurora," the authors wrote. "The attacks began by identifying employees at the target organization that might have credentials to access the information the attackers were after. The next step was to infiltrate the social networks of these employees, since there is an inherent trust placed in one's social network. The goal was to send messages to the targeted employees from contacts within these social networks, lowering the targets' suspicion level and improving the chances that they would click the link in the message." The links in those messages pointed to a Web page with an exploit for Internet Explorer. Once that attack succeeded, the operation would hunt for ever higher level credentials and more workstations to exploit.

The report also covered the automated widespread infection of legitimate Web sites by the returning Asprox botnet, one that has been around since 2007 but that has evolved from being used for phishing e-mails to include SQL injection functionality. In June, M86 Security Labs found that the number of infected Web sites went from 2,000 to 13,000 in just a few days, illustrating the highly automated nature of the Asprox attacks, and the fact that many Web sites remain vulnerable.

Because existing techniques for "covering their tracks" are becoming less effective, cybercriminals have begun using combined attacks, which are more complex and difficult to detect, noted the authors. For example, to limit the effectiveness of security detection mechanisms currently in use, the attack might try splitting malicious code between Adobe ActionScript language--built into Adobe Flash--and JavaScript components on the Web page.

The report offered several recommendations for countering the threats of malware, including educating users--particularly on how to identify authentic e-mail and links and use social network privacy settings--and staying up to date with patches and software versions.

About the Author

Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at dian@dischaffhauser.com.

Comments

Thu, Jun 23, 2011 Spam-ee Virginia

1105Media are just ticked off that all these spam outlets are putting out more SPAM than they are, and revenues are down because of it. So for all your spam needs, e-mail 1105media.com

Mon, Mar 28, 2011 Editor

Derrick, you should understand the editors and writers here at 1105 and at other publishing companies are as against spam as you are. I don't know what's happening in your case, but we don't like our names being associated with the kinds of activities you've described. What you've posted here is akin to blaming your old college professor for mailings you receive from your alumni association. We in editorial simply have no control over our various parent organizations' marketing activities. But we can help direct your complaints to the right people to make sure that you do get removed from lists when you're unable to unsubscribe yourself. So please do feel free to send me the addresses you need removed. Or send your request/demand/complaint to this company's list department directly at privacy@1105media.com. --David Nagel

Mon, Mar 28, 2011 Derrick DC

Amen. Complete BULLSHIT! Apparently 1105 owns the following: 1105media.com 1105info.com 1105govinfoevents.com And that's just for starters. CONSTANT JUNKMAIL from them and they have the nerve to post an article regarding spam!! I'm blocking all of their domains, and we're going to get them RBL with some of the big boys as soon as possible. I'm fed up with them! I've unsubscribed NUMEROUS times to no avail. Unsubscribing probably gets you put on a different domain mailing lists that they own. For example, unsubscribing from @1105media.com probably gets you put on @1105govinfoevents.com etc. I wouldn't dare give David Nagel your email, he'll probably subscribe you to more junkmail.

Fri, Oct 22, 2010 Editor

Pot Kettle: If you ever have trouble unsubscribing from 1105's e-mails, please send me a note, and I will personally follow up with our list manager. You can reach me at dnagel@1105media.com. --David Nagel

Fri, Oct 22, 2010 Pot Kettle Earth

Irony alert!!! Anyone ever try to unsubscribe from 1105media.com emails? Doesn't work.
