Monday, February 16, 2009

2008 Security threat report: Spam

Spam remains a significant problem for business, with Sophos research revealing that 95 percent of all email is spam. Sophos conducts analysis of all the spam messages received in the company’s global network of spam traps. Millions of new messages from these honeypots are analyzed automatically every day, and are used to refine and update existing spam rules.

Occasionally, new techniques are used to try to bypass even the most successful spam filters. When a message is sufficiently different from any previously analyzed by the Sophos spam engines, analysis by researchers establishes whether the message is legitimate or not. Illegitimate emails using new techniques are immediately fed into the spam rules, ensuring that customers are protected against any campaigns using these new techniques.

Dirty dozen

2007 brings some interesting changes to the chart of the 12 countries relaying the most spam.

Dirty Dozen: the top spam-relaying countries in 2007:
  • United States 22.5%
  • South Korea 6.5%
  • China (incl HK) 6.0%
  • Poland 4.9%
  • Russia 4.7%
  • Brazil 3.8%
  • France 3.5%
  • Germany 3.5%
  • Turkey 3.1%
  • Spain 2.7%
  • Italy 2.7%
  • India 2.6%
  • Other 33.5%

The top three this year have led the chart since the inception of the threat report in 2005.

The United States, responsible for sending about a fifth of all the spam in the world for the last few years, needs to tackle this problem urgently. Not only is the problem polluting our inboxes with unwanted emails – some of which will go to malicious or infected websites – it also means that a large number of US computers, most likely those run by home users, are infected. Educating users on how to protect their system against a compromise is paramount to the US’s success in its war against spam.

Although China has held onto the same chart position, the proportion of spam relayed from China has diminished significantly. In 2006, compromised Chinese machines sent more than 15 percent of the world’s spam, whereas in 2007 that share more than halved.

In contrast, the US and South Korea have made no significant impact on the problem of spam being relayed via their countries.

Pump-and-dump spam

Pump-and-dump stock campaigns remain a significant problem. They work by spammers purchasing stock at a cheap price and then artificially inflating its price by encouraging others to buy (often by spamming “good news” about the company). The spammers then sell off their stock at a profit.

August 2007 saw a colossal spike in spam volume for 24 hours due to a single pump-and-dump campaign that urged potential investors worldwide to purchase stock in a company called Prime Time Group.

Prior to 2007, pump-and-dump spam campaigns typically attempted to influence the stock price of small North American companies. During 2007, however, Sophos experts noticed a shift in tactics as cybercriminals increasingly tried to manipulate European stocks.

This increased targeting of non-American companies might well be because US authorities have taken stronger action to defuse the criminal activity. For instance, in March 2007, in “Operation Spamalot”, the Securities and Exchange Commission (SEC) suspended trading on 35 companies mentioned in stock manipulation campaigns.

As security vendors have become more proficient in intercepting stock spam at email gateways, stock-manipulating hackers have turned to more elaborate methods to get their messages in front of internet users. For example, PDF files, JPGs and other image attachments are used to carry the message in the hope that this type of file will be harder to identify as spam.

One of the more bizarre schemes was seen in October 2007 when a pump-and-dump spam campaign used MP3 music files in an attempt to manipulate share prices. Files posing as music from stars such as Elvis Presley, Fergie and Carrie Underwood actually contained a monotone voice encouraging people to buy shares in a little-known company.

User response to spam

One of the main reasons spammers invest their resources into devising new techniques is that spam works – and looks increasingly successful. In a Sophos web poll conducted in February 2007, 5 percent of respondents admitted to buying goods sold via spam. In a second poll conducted in November 2007, the figure had risen to a concerning 11 percent.

Are you a spammer?

Virtually all spam comes from compromised computers (called “bots” or “zombies”) that have been successfully attacked and now, unbeknown to their owners, are sending out large volumes of spam, launching distributed denial-of-service attacks, or stealing confidential information.

Having up-to-date anti-virus protection, installing and running a firewall, and ensuring that all security patches are in place for both the operating system and any installed applications, will significantly lower the likelihood of being compromised.

Sophos ZombieAlert Service identifies business computers that have been hijacked and which are sending out emails on behalf of the spammers.

Sophos.com
