Report: Spam Levels Continue To Surge -- Redmondmag.com

Report: Spam Levels Continue To Surge

By Stephen Swoyer
06/23/2009

Spam levels have always comprised the bulk -- the overwhelming majority, in fact -- of all corporate e-mail. Last month, according to Symantec Corp. subsidiary MessageLabs, the spam tally surged even more, eclipsing 90 percent of all business e-mail. That was an uptick of 5.1 percent in just one month.

What happened in May to encourage such an increase?

MessageLabs ascribes the surge to the persistence of botnets. More than half (57.6 percent) of spam is generated by such networks, MessageLabs officials said, with the Rustock and Bagle botnets, in particular, accounting for more than one-fifth of all spam. Both networks are heavily based in the Americas (the single largest botnet, Donbot, is most active in Asia).

The Americas, and the United States in particular, are disproportionately popular spam targets. Spammers largely hew to GMT -5 or GMT -8 clocks, MessageLabs found; most spam is sent during the U.S. work day.

Thanks to ever greater CAPTCHA-cracking success, spammers have been able to more effectively exploit webmail services or social networking sites.

"Active profiles on social networks are goldmines for spammers to lure unsuspecting users. All spammers use is a subject line and a valid hyperlink to active profiles on one of a number of major social networking sites," a MessageLabs release indicated. "These e-mails originate from legitimate addresses on some of the main webmail providers making them harder to catch by regular anti-spam filters."

The spam watcher also flagged the appearance of a new spin on the always-intriguing "ransom" e-mail exploit -- in this case, Russian language "ransom-style" spam. The content of such messages (e.g., "We know your target audience,/If you want to get to them/Order e-mail distribution from us/Phone XXX/ICQ XXX") doesn't so much amount to a threat as a marketing pitch.

What's intriguing, according to MessageLabs, is that spammers are encoding English language words, phrases or sentences in the Russian (Cyrillic) character set in order to fool spam filtering technologies. When an encoded message is received by an e-mail client, the client will use Roman character analogs to render the Cyrillic characters. "The unneccesary use of another character set to encode the English language subject is purely to hide the true content of the subject of the message, and a technique sometimes used by spammers to avoid content filters."

On the "good news" front, malware traffic was down slightly in May, dropping 0.01 percent from April levels. (This number reflects the global ratio of e-mail-borne viruses from "new and previously unknown" sources, according to MessageLabs.) For the month, exactly 7 percent of all e-mail malware featured links to malicious Web sites. That, too, was a decrease -- in this case, of 6.3 percent -- from April's tally.

The number and variety of phishing attacks increased last month -- albeit by just 0.11 percent -- such that 1 in every 279 e-mails (or 0.36 percent of all e-mails) was a phishing attack of some kind. "When judged as a proportion of all e-mail-borne threats such as viruses and Trojans, the proportion of phishing attacks had remained unchanged at 89.7 percent of all e-mail-borne malware and phishing threats intercepted in May," MessageLabs indicated.

Researchers say both traffic and connection management technologies have had some success in terms of reducing or reining-in spam levels. "Traffic Management continues to reduce the overall message volume through techniques operating at the protocol level," MessageLabs researchers report. "Unwanted senders are identified and connections to the mail server are slowed down using features embedded in the TCP protocol. Incoming volumes of known spam are significantly slowed while ensuring legitimate e-mail is expedited."

Last month, for example, MessageLabs says it processed an average of 3.54 billion SMTP connections per day, throttling back more than half (58.1 percent) of this traffic because it was "unequivocally malicious or unwanted."

Ditto for connection management, which researchers say is an effective tool with which to combat directory harvesting, brute force, or e-mail DoS attacks. In May, MessageLabs rejected an average of 45.1 percent of inbound messages (as originating from botnets or other known malicious senders).

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.