Security

July 7, 2009 4:53 PM PDT

Shortened URLs spike in e-mail spam

by Elinor Mills

This graph shows the sharp rise in the number of spam e-mail messages sent recently that include short URLs.

(Credit: MessageLabs)

In yet another piece of anecdotal evidence of the increasing threat from shortened URLs, e-mail security provider MessageLabs said on Tuesday it saw a dramatic spike in the number of spam e-mails that include truncated Web addresses.

Shortened URLs, which allow spammers to hide the real Web address from Web surfers and are commonly used on social media sites like Twitter where message character length is restricted, began a sharp rise last week and now appear in more than 2 percent of all spam caught in the company's spam trap, according to MessageLabs.

"Usually when we see a spike of this nature it tends to indicate that a spammer has found some method of automating the creation of these short URLs," said Matt Sergeant, a senior antispam technologist at MessageLabs.

The many URL shortening services make it more convenient to post long URLs on sites like Twitter, but they also make it easy for attackers to lead Web surfers to sites hosting malware.

A major spam botnet called Donbot has aggressively moved to using this technique, Sergeant said. Donbot appears to be primarily focused on displaying advertisements, but could be linking to sites that drop malware onto visitors' computers too, he said.

Spam-filtering software can block spam from getting into inboxes, and programs like Long URL Please and shortText make it easy to see what the real URL is.

July 1, 2009 6:35 AM PDT

Botnets lead the way for spam

by Vivian Yeo

Spam made up 90.4 percent of all e-mail traffic in June, with botnets accounting for the vast majority of those unsolicited messages, according to a new report from Symantec's MessageLabs.

Spam sent out from botnets, or networks of zombie PCs, made up 83.2 percent of unsolicited e-mail messages this month, MessageLabs said Tuesday in a statement. In May, 57.6 percent of spam was sent from known botnets, with Donbot responsible for 18.2 percent of these messages.

According to the messaging security company, the biggest botnet currently is Cutwail, which has doubled in size and output per bot since March. At its peak, Cutwail had an army of 1.5 million to 2 million active bots, but the shutdown of Californian ISP Pricewert earlier this month led to several hours of downtime for the botnet.

Cutwail, however, bounced back within hours, noted MessageLabs. It currently has an output of around one-third of its original capacity. Other major botnets include Rustock, Grum, Donbot, Bagle, Xarvester, Mega-D, Gheg, Asprox, and Darkmailer.

Also in June, there were an average of 1,919 new Web sites per day harboring malware and other potentially unwanted programs including spyware and adware. This represented an increase of 67 percent over May.

Over half, or 58.8 percent, of all Web-based malware that MessageLabs intercepted during the month was new, a month-on-month increase of 24.6 percent.

Data from MessageLabs also shows that more hyperlinks in instant messaging conversations are stepping stones to "instant malware."

In June, 1 in 78 hyperlinks found in instant messages linked to Web sites hosting malicious content, compared with 1 in 200 at the end of 2008. The hidden malware typically tries to perform a drive-by attack on a vulnerable Web browser or browser plug-in, said the company.

One in 80 IM users, predicted MessageLabs, may receive a malicious instant message each month.

Vivian Yeo of ZDNet Asia reported from Singapore.

June 9, 2009 9:00 AM PDT

Report: Spam reduced following Pricewert shutdown

by Dong Ngo

Cutwail's spam activities on Thursday as Pricewert got shut down.

(Credit: MessageLabs)

It's been almost a week since the Federal Trade Commission had the allegedly rogue Pricewert ISP shut down, and it seems like the Internet has indeed been a safer, or I should say slightly less dangerous, place.

The FTC charged that Pricewert's distribution of illegal, malicious, and harmful content and deployment of botnets that compromised thousands of computers caused substantial consumer injury and was an unfair practice, in violation of federal law.

According to Symantec, the Cutwail botnet--one of the most notorious botnets, accounting for up to 35 percent of all spam in May across the globe--experienced a major blow to its track record after the shutdown late Thursday of Internet service provider Pricewert.

Another botnet Pricewert is allegedly involved with is Pushdo, which was also reportedly affected. Both Pushdo and Cutwail reportedly used 3FN, one of the names Pricewert did business under, as botnet control servers.

According to the data released Monday by TRACElabs, the overall spam volume index has been reduced by 15 percent since Thursday. However, the day-by-day number has gradually increased.

This means a couple of things.

First, either the timing of these changes was a coincidence or Pricewert was indeed involved in this nasty business. It's important to note that the company has not yet been convicted of any wrongdoing. The first court hearing is scheduled for June 15.

Second, it's likely that the spammers will soon recover from this heavy blow as many similar companies are based outside of the U.S., where the anti-spam laws are not strictly enforced.

Nonetheless, for now this looks like an apparent victory for the authorities and for all Internet users. In terms of its long-term impact on spam, Symantec's MessageLabs Senior Anti-Spam Technologist Matt Sergeant told CNET News: "For now, we will see spam levels lower than usual, but we expected the swift comeback of Cutwail. The spammers learned that they can't put all their eggs in one basket and need to have backup command and control."

It's indeed wait and see, but so far I personally have received less spam in the last few days. How about you? Share your thoughts about this case and your recent spam experience, in the comment area below.

May 26, 2009 9:24 AM PDT

Report: Spam now 90 percent of all e-mail

by Lance Whitney

Spam now accounts for 90.4 percent of all e-mail, according to a report released Monday from security vendor Symantec. This means that 1 out of every 1.1 e-mails is junk. The report also notes that spam shot up 5.1 percent just from April to May.

Spam on the rise

(Credit: MessageLabs)

Symantec's May 2009 MessageLabs Intelligence report reveals other disturbing trends, as well. Rather than just hijack disreputable Web sites, cybercriminals now favor older and well-established domains to host their malware. The report says 84.6 percent of all domains blocked for malicious content are more than a year old. One type of domain now especially vulnerable to threats is social networking, since most of the sites' content is created by users.

"Spammers using better-known and thus more widely trusted Web sites to host malware is reminiscent of the spammers who rely on well-known Web mail and social networking environments to host spam content," said Paul Wood, Symantec's MessageLabs Intelligence senior analyst. "The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious--a temporary site set up with the sole purpose of distributing spam and malware--and thus faster to get shut down."

Where you live also determines when you're spammed, says the report. For people in the U.S., spam hits its peak between 9 a.m. and 10 a.m. and then drops overnight. Europeans get a solid stream of spam throughout the day, while users in Asia-Pacific countries find most spam waiting for them in the morning. One reason for this trend, says the report, is that most spammers are at their busiest during U.S. working hours.

The popular CAPTCHA program, which asks the user to type in a series of random characters, is no longer proving as effective as once hoped. Many Web sites have relied on CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to ensure that accounts are created by actual human beings.

But criminals have now succeeded in generating profiles with random names, apparently by using automated CAPTCHA breakers. The report notes that some major Web sites are now exploring other ways to block automated accounts, such as using photographic images that a user must analyze.

Spam levels had dropped for a short while last year after the closure of several malware-hosting Internet providers. But spammers have since bounced back from those losses by rebuilding their networks.

Symantec's MessageLabs Intelligence gathers research on spam and other malware from global data centers that track e-mails and Web pages. Symantec releases a new intelligence report each month.

October 6, 2008 12:46 PM PDT

Spam volume down in September

by Robert Vamosi

Spam decreased 8 percent during September, according to a report (PDF) released Monday by MessageLabs.

Among other reasons behind the decrease, the security company cited the apparent demise of California-based Intercage, an Internet service provider alleged to have possibly been used to host command and control servers for various botnets. Intercage's upstream provider, Pacific Internet Exchange, terminated service on September 20; a second upstream provider, UnitedLayer, then terminated service on September 25. During this period, MessageLabs reported a marked decrease in spam traffic.

The impact of the Intercage ISP disconnection on botnet spam relays can be seen in this graph.

(Credit: MessageLabs)

Looking deeper into the spam traffic itself, MessageLabs found that 85 percent of sexually explicit e-mail spam is sent during the workday. A healthy 28 percent of that is sent during the lunch hours, from 11 a.m. to 1 p.m. local time. Almost all of this is blocked by corporate filters.
