News

Spam Surge Fueled by Health Care Debate, Fake Pharms

• By William Jackson
• 08/26/2009

Spam volumes have increased fourfold during the last six months, and the unsolicited -- and often malicious -- messages accounted for a discouraging 94.9 percent of all e-mail delivered so far in August, according to the most recent report (PDF) from online security company MX Logic.

"We don't anticipate any dramatic declines in volume or levels as spam remains a highly popular and profitable delivery mechanism for cyber criminals," according to MX Logic's September "Threat Forecast and Report." The report offers little hope for relief.

Health care was the most common category for spam in August. An increasing number of bogus pharmacies are using image spam, in which the message is included in an image rather in text in an effort to avoid spam filters.

"Although image spam is an old tactic, it's one that spammers like to resurrect occasionally," the report states. "Despite the debatable effectiveness of these campaigns, we don't expect image spam to completely disappear any time soon."

The lure of cut-rate, no-prescription pharmaceuticals appears to be powerful. Spam watchdog groups say that phony pharmacies predominate in online advertising delivered through Microsoft's Bing search engine. According to a report from the anti-spam site KnujOn.com and LegitScript.com, which validates legitimate pharmacies advertising online, nearly 90 percent of Internet pharmacy advertisements delivered on Bing.com that were reviewed were operating illegally.

"The majority of Internet pharmacy ads did not require a valid (or any) prescription," the report states. "We successfully attempted to test buy in two cases, receiving drugs in both cases that appeared to come from India." Some of the drugs received through the ads tested as counterfeits.

Microsoft responded to the report saying that the results were exaggerated and that it had manually reviewed and removed the offending ads. But KnujOn and LegitScript said later that a review of the search engine's advertisers showed that phony ads continued to appear.

MX Logic predicted that Internet pharmacy advertising will not be the only online threat generated by health care concerns.

"As the debate about U.S. health care reform continues to heat up, we believe there's a strong chance this will increase and we'll begin seeing forms of political 'hacktivism' impacting the performance and availability of popular social networking sites," the threat report warned. Attacks against social networking sites advocating either side of the debate could have ripple effects affecting the services hosting the sites.

Malicious e-greeting card notifications remained a popular type of spam in the last month, but phony UPS or DHL invoices were the most popular method for delivering malware directly, accounting for four out of five instances in which malware was attached to an e-mail.

The popularity of social networking sites has resulted in a number of high-profile attacks and exploits in recent months, and this trend probably will only escalate, MX Logic said.

"With the web of trust that users generally have with the people they are connected to on sites like Facebook, MySpace and Twitter, we expect to see an increase in spam and malware disguised as messages from someone the recipient knows," the report states. "Given the popularity of these sites, we anticipate these types of attacks will increasingly become more sophisticated in common in the coming months."

The United States was the top source of spam over the past month, accounting for 13.3 percent, edging out Brazil with 13 percent. Other top sources were India, Ukraine and Poland.