Spam, Phishing, Zombies Expand Reach, Wits : Published October 2006 All Rights Reserved


If you are connected to the Internet, you most likely have an e-mail address and have received (or constantly receive) spam. The problem will only grow more troublesome, say the experts. Spam attacks, and particularly image spam and zombie-generated spam, grew in the third quarter of 2006, according to both Commtouch Software Ltd. and MessageLabs.

Some 3.5 million attacks per day became the new measure of spam achievement. Image spam increased in number and severity during the quarter, accounting for 50 percent of all spam during its peak distribution time, Commtouch reported. The figure is up from 30 percent in the second quarter.

MessageLabs, a provider of integrated messaging and web security services, observed new spam techniques designed to circumvent traditional IT security, along with a sharp increase in phishing attacks, which accounted for more than half of all the malicious e-mails intercepted by MessageLabs in September 2006.

Legitimate marketing professionals, however, are often innocent victims of spam filters and rely upon information sharing via e-mail. TRUSTe recommends some steps marketers must take in today's spam-weary environment, and the organization published its recommendations for free online. TRUSTe's advice follows later in this story.

Commtouch analyzes distribution patterns of billions of e-mail messages in order to develop a block against phishing attempts and image-based spam. It noted that image-spammers added new complexity recently by incorporating animated images distributed on a massive scale for the first time.

Animated image spam typically weighs 44 KB, or eight times the size of regular text spam. Based upon Commtouch’s analysis, image-based spam accounts on average for 20 percent of all spam, leading to twice the total bandwidth consumption and redundant storage required since the first of 2006.

"The bandwidth and storage requirements of such resource-intensive spam weighs heavily on most IT organizations," said Amir Lev, Commtouch’s CTO.

"In addition to the sheer size of each individual message, the spam messages are sent in enormous quantities, which can overload an enterprise if it is not using an anti-spam engine that knows how to identify and block them," Lev said.

Spammers have begun using images in PNG format, where previously they were using only GIF images. This is another method to try to bypass anti-spam filters, Commtouch reported.

MessageLabs noted how spammers are evolving to target groups of individuals by class, keyword, or industry. Recently the firm has experienced a spike in geek spam. This type of spam includes technology-related keywords within the e-mail to dupe recipients into believing that the spam is relevant. This targeted approach, using hidden keywords, can help to pollute the Bayesian filters often used by technology professionals.

The use of technology buzzwords, such as .NET, cpan, xss and Java, hidden inside the body of the spam can ensure that the e-mail looks convincing enough for limited anti-spam software to allow it through.
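
The effect described above, together with one countermeasure, as an added example that is not from the article, Commtouch or MessageLabs: a toy Bayesian scorer run once over all markup text and once after dropping text inside elements styled as invisible. The token probabilities, the sample message and the names `TextExtractor` and `spam_score` are assumptions constructed for illustration.

```python
import math
import re
from html.parser import HTMLParser

# Constructed per-token spam probabilities, standing in for what a trained
# Bayesian filter on a technologist's mailbox might hold (not real data).
TOKEN_SPAM_PROB = {
    "stock": 0.95, "buy": 0.90, "now": 0.80, "alert": 0.85,
    ".net": 0.05, "cpan": 0.03, "xss": 0.05, "java": 0.08,
}
UNKNOWN = 0.5  # neutral probability for tokens the filter has never seen
HIDDEN = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}

class TextExtractor(HTMLParser):
    """Collect body tokens, optionally skipping text a reader cannot see."""
    def __init__(self, skip_hidden):
        super().__init__()
        self.skip_hidden = skip_hidden
        # stack: one flag per open element, True if it is styled hidden
        self.stack, self.words = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            style = dict(attrs).get("style") or ""
            self.stack.append(bool(HIDDEN.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        if not (self.skip_hidden and any(self.stack)):
            self.words += re.findall(r"\.?\w+", data.lower())

def spam_score(html, skip_hidden):
    """Combine token probabilities naive-Bayes style; 1.0 means spam."""
    parser = TextExtractor(skip_hidden)
    parser.feed(html)
    probs = [TOKEN_SPAM_PROB.get(w, UNKNOWN) for w in set(parser.words)]
    log_spam = sum(math.log(p) for p in probs)
    log_ham = sum(math.log(1 - p) for p in probs)
    return 1 / (1 + math.exp(log_ham - log_spam))

# Constructed sample: a visible stock pitch plus invisible buzzword padding.
SAMPLE = ('<html><body><p>Stock alert buy now</p>'
          '<span style="font-size:0">.NET cpan xss Java</span></body></html>')

if __name__ == "__main__":
    print(spam_score(SAMPLE, False), spam_score(SAMPLE, True))
```

Scoring only what the recipient can actually see keeps the low-probability buzzwords from outweighing the visible pitch; the style patterns here cover three common hiding tricks and are not exhaustive.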

"Cyber-criminals continue to seek new and more subversive means to launch their attacks," said Mark Sunner, CTO of MessageLabs. "Geek spam is yet another way that the bad guys are evolving their methods and we expect to see an increase in other similarly targeted spam, such as accountants and by using financial terminology."


Zombie networks or ‘botnets’ have grown in size and severity throughout the quarter. Commtouch research also identified hundreds of thousands of newly activated zombie machines each day throughout the third quarter. Zombies are typically compromised home computers with a broadband connection to the Internet. Commtouch research identified that on average, 85 percent of spam messages sent during the third quarter of 2006 were sent via zombie-infected computers.

"Zombie networks are impossible to block out by traditional ‘blacklisting’ since they are constantly changing," Lev said. "They are like the fireflies of the spam universe – the zombie is born when the computer gets infected by rogue software, but it only remains active for a short time from the same IP address. Only a real-time detection engine can provide effective protection against zombie-generated spam messages."

If your inbox is full of "penny stock" advertisements, Commtouch reports you are not alone. Stock scams are tailor-made for image-based spam, since they do not require any hyperlinks to spammer websites, instead simply directing the reader to purchase the stock.

Other popular spam messages included pharmaceuticals (27 percent), stock (18 percent), sex enhancers (12 percent), finance, work from home, mortgage (11 percent), gambling (11 percent), pornography (6 percent), and other at 15 percent.


Phishing, the term used to describe attempted fraud via email, is rising with great speed. Commtouch research concluded that during the third quarter, nearly half of all phishing attempts preyed on account holders in eBay or PayPal, divided nearly equally between the two (24 percent on eBay, 24 percent on PayPal).

Phishing email messages typically use social engineering tactics to make the reader believe that they are viewing a legitimate communication from a financial institution. Then users are lured into providing their usernames and passwords by logging in to the fictitious site, which they access by clicking a hyperlink in the email.

"Regardless of the anti-spam legislation in effect in many countries, we see that the spam problem is getting worse with each passing day," said Lev. "Double-digit percentages of image-based spam, enormous zombie spam networks, growth in phishing attempts -- all point to the fact that legislation alone can never solve the problem. The answer is rooted in technology-based filtering and blocking."

When new forms of spam are added to existing phishing attacks and an augmented focus on banks -- who have not adopted new security technology -- the end user is increasingly exposed to complex and well-engineered attacks, Sunner said.

When judged as a proportion of all email-borne threats such as viruses and trojans, the number of phishing emails has risen by 21.7 percent, now accounting for 52.4 percent of all the malicious emails intercepted by MessageLabs.

MessageLabs research reported that phishing attacks continue to become more targeted as criminal groups shift their attention from creating malware to attacking banking organizations not yet protected by two-factor authentication security measures.

Banking organizations with protective technology are being attacked, but on a much lesser scale, MessageLabs reported. These increased attacks are perhaps due to the release of Microsoft Internet Explorer 7.0, which will include additional anti-phishing countermeasures.


MessageLabs puts the global ratio of spam in September at 64.4 percent of sent messages, up 0.1 percent from August. "This is indicative that spam is not going away, and that concentrations are expected to increase again in coming months as spammers continue to adopt new techniques," the company reported.

The good news, though, is that viruses and trojans have declined since the beginning of 2006, and in the third quarter the rate was much lower than in the third quarter of 2005.

MessageLabs research indicates that bots are increasing in number and distribution, particularly in South American countries, where the use of bots to distribute bank trojans and phishing scams has now escalated to such a degree as to make them the new “419-scam” of the region.

Israel was the world's top target of spam, representing 74 percent of all e-mail traffic. Ireland recorded the highest increase in spam (1.7 percent) to 64.2 percent of all e-mails. If you live in India, your spam figures are the world's lowest at 25 percent. Australia was the country least affected by viruses in September with a drop of nearly 1 percent, followed by Belgium with a rate of 1 in 102 viruses during September, according to MessageLabs research.


Spam of course has now become the reason everyone questions whether or not their "innocent yet important" e-mail was received by the one intended and not tossed by a spam filter before reaching its destination.

Non-profit online privacy organization TRUSTe, along with Epsilon, is helping marketing services firms assure successful e-mail communication delivery.

"As the e-mail landscape continues to evolve toward increased end-user control, maximizing marketing ROI will require a commitment to understanding and catering to consumer preferences," said Fran Maier, executive director of TRUSTe.

"In the ‘Your Customers Hold the Key to Deliverability’ report, TRUSTe and Epsilon provide marketers of all sizes with practical advice that will help them ensure mutually-beneficial, long-lasting and respectful email dialogs with their customers."

TRUSTe's report, which is free for download (copy and paste the link: www.truste.org/whitepaper), was designed to help businesses assure successful delivery and optimal response from their permission-based e-mail communication efforts.

The guide also provides hands-on advice for marketers seeking to avoid and reduce spam complaints. Spam complaints are increasingly playing a role in ISP anti-spam filtering policies, white listing programs, and emerging accreditation and reputation solutions, and have the potential to impact marketers’ ability to successfully deliver e-mail.

Michael Della Penna, CMO of Epsilon, said that marketers must understand ISP policies and those of their own customers. "The importance of taking a customer-centric approach to your e-mail communications and employing industry best practices is essential to not only reducing complaints and improving delivery, but also to optimizing customer relationships and growing marketing ROI."

TRUSTe's guide recommends that the sender provide clear and conspicuous notice, host a website to enable customers to modify e-mail settings, establish feedback loops with participating ISPs, and closely monitor short and long-term spam complaint trends.


---This content is copyrighted by Think & Ask, reproduction of any kind is not permitted without written consent.---