Email spam dominates threat reports as 2009 sees figures at highest levels
While the tech world and SC's news focused on the Twitter/TechCrunch story this week, I decided to look at the statistics from a few reports. At the beginning of this week I received the half-yearly report from Marshall8e6, whose TRACElabs observed a 60 per cent increase in spam volumes from the last analysis, with spam now representing a full 90 per cent of all inbound email.
It also claimed that the Rustock botnet emerged as the dominant force in spam output in 2009 and is responsible for more than 40 per cent of all spam sent so far this year, and that pharmaceutical spam is making up 75 per cent of all spam.
So in short, cybercriminals are using email as a main resource for sending spam. This is not really news to many of you whose inboxes are cluttered with messages from African princes, offers of hormone replacements or solutions to get out of debt now, but the huge rise does suggest that something must be going right for them.
Another story that arose from the Marshall8e6 TRACElabs report was how much ‘penile dysfunction’ spam was not only being responded to, but purchased by recipients. No wonder email continues to be such a popular form of sending spam when it is not only opened, but money is to be made from it.
As the Websense Security Labs report for June showed, trending topics such as Michael Jackson's death and the Air France crash also helped boost email spam. Its report claimed that there ‘was a big rise in the volume of malicious messages sent, and many companies were hit by spear phishing campaigns.’
Websense claimed that Jacko's sudden death was met with malicious messages using news of the event as a social engineering lure within just 24 hours of his death being confirmed. The report said: “Cybercriminals' use of event-based themes is something we are always tracking in Websense Security Labs.”
Cyberoam and Commtouch jointly prepared a quarterly report for 2009 that also saw a sharp rise in the number of new viruses circulated via email, which it claimed major anti-virus engines were unable to defend against for several hours.
It claimed that one reason for the rise in such malware outbreaks is the appearance of aggressive new variants of several different Trojans, which major anti-virus products took anywhere between four and 80 hours to detect.
To prove that email spam really was a dominant factor, Cisco's midyear security report found that 180 billion spam messages were sent each day, representing about 90 per cent of the world's email traffic – in line with the TRACElabs findings.
It claimed that spam was ‘one of the most established ways to reach millions of computers with legitimate sales pitches or links to malicious websites’ and that spam ‘remains a major vehicle for spreading worms and malware, as well as for clogging internet traffic.’
So away from email spam, Websense's report further claimed that there had been a number of Twitter vulnerabilities in June as hackers used trending topics and hashtags to spread links to malicious sites or rogue AV alerts.
This particular malicious trend was picked up by security blogger Aviv Raff, who claimed that July 2009 was the ‘month of Twitter bugs’. He was aiming to raise awareness of Twitter vulnerabilities and would be publishing a new vulnerability every day of the month on http://twitpwn.com/. Visit the site to see him keep his word so far.
Cisco identified three key trends in security, or highlights as it called them: the Conficker/Downadup worm that threatened to hit on 1st April; the spiral of spam related to public concern over H1N1 influenza (swine flu); and President Barack Obama's effort to make strengthening US cyber security a high priority for his administration as he looks to work with the international community and the private sector to leverage technology innovations to reduce cybercrime.
Finally, Marshall8e6 TRACElabs noticed a rise in fake anti-virus, or ‘scareware’, campaigns, with hundreds of variants or ‘skins’ circulating that are distributed via spam email attachments, links in spam, search engine optimisation techniques that elevate scareware websites in a user's search results, and bogus accounts on social or professional networking sites, such as Twitter and LinkedIn.
From these vendor-specific reports it is easy to see a trend and I guess it is positive that all the companies are singing from the same hymn sheet in terms of threats, and how fierce they are. While there was no real desire to draw a conclusion from this week's musings, what I did want to show was what the identified threats were and how they have affected the industry.
After all, it is easier to do prevention after an attack, so an assumption would be that in a month, or three or six months' time, the figures will be lower and the world will be more secure.