Malware, Spam Find New Ways To Beat Up Computer Users in 2008


Spam levels have dropped slightly from 2007, even as spammers have found new ways to distribute their e-mail sales pitches and, increasingly, malware, according to the MessageLabs Intelligence 2008 Security Report. Total spam levels averaged 81.2 percent for the year, compared with 84.6 percent in 2007. As much as 90 percent of spam was being distributed by botnets, until two US Internet service providers blamed for hosting the command and control channels for some of the largest botnets, which had been responsible for half of all spam, were closed down in the fall. Botnets have since found alternative hosting, resulting in a return to spam levels close to those before the takedowns.

An alarming trend identified in the report is the ability of spammers to defeat CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) techniques to generate massive numbers of personal accounts from large, reputable Web-based e-mail and application services. By September, Symantec reported, 25 percent of spam originated from these sources,

"2008 was an important year for the security industry as new threats emerged and old threats evolved while the Internet gained sophistication and its users became more Web-savvy than ever before," said Mark Sunner, chief security analyst, MessageLabs. "CAPTCHA breaking became one of the best ways to spam, and a wide variety of spam ensued emanating from free Web-mail and social networking sites, which require personal accounts for access."

Another cybercriminal favorite of 2008 involved the distribution of malware on social networking sites, first seen in small amounts toward the end of 2007. The daily number of new Web sites containing malware rose from 1,068 in January to its peak at 5,424 in November.

One tactic that became popular this year was to create fake profiles on social networking sites and use them to post malicious links and to phish other users. Once a user is phished, spammers can post blog comments on the pages of that user's friends and send messages from the phished account to other contacts. The messages were mostly used to dispense spam, including links to spam sites such as online pharmacies. After gaining access to legitimate user profiles, scammers then harvest the available personal information to further target users.

"Web 2.0 offers endless opportunities to scammers for distributing their malware--from creating bogus social networking accounts to spoofed videos--and in 2008 the threats targeting social networking environments became very real," Sunner added. "Web 2.0 thrives on user-generated content, as do the spammers. The ability to adapt to new mediums and upload enticing content as 'snake oil' to persuade an information-hungry user to activate it, is one of the cybercriminals' strongest talents and has made them successful in transforming deception into a fully scalable business model within the underground shadow economy."

Phishing underwent some notable transformations in 2008 as phishing attacks from specialized botnets became commonplace. While the intensity of phishing attacks hasn't changed significantly over the course of the year, the targets have widened to include recruitment agencies and online retailers in addition to the traditional phishing target, financial institutions.

The average number of new Web sites blocked daily increased 82 percent, from 1,253 in 2007 to 2,290 in 2008, largely due to increased attacks using SQL injection techniques.

MessageLabs was acquired by Symantec in November.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.