(WEB HOST INDUSTRY REVIEW) — November has been a dramatic month for spam, with many clever attempts to deceive people into giving away their privacy and security, and one major spam host bust, which eliminated up to 75 percent of malicious emails.
Email hosting provider AppRiver (www.appriver.com) recently released its November spam report, where author Fred Touchette named November 12, 2008 the “The Day the Internet Stood Still,” the day Internet providers cut service to rogue web host McColo, temporarily knocking the five highest volume botnets offline.
The AppRiver report also notes that aside from the sudden decline in spam traffic, there have been several important security trends, because even though spam traffic was down, phishing remained heavy throughout the month of November.
Pretending to be from the Federal Reserve Bank, a phishing attempt claimed to inform recipients of rampant phishing campaigns, when it, in fact, attempts to exploit a vulnerability in Adobe Acrobat to infect the system.
There were also a number of attempts to use the identity of major corporations to promise quick money for completing a survey, when they end up taking yours instead when they ask for account information to process the transaction. McDonald’s and Wal-Mart were both used by phishers in campaigns.
In terms of regions of origin in November, AppRiver reports it is almost identical to the previous month, with Europe remaining the most common point of origin, however the top three countries of origin were the US, Brasil and Russia.
While spam traffic may end on a low note, in its 2008 “End of Year Data Security Wrap-up,” Finnish online security provider F-Secure (www.f-secure.com) reports that 2008 is going to be another record year of growth in the amount of malware on the Internet. In only the past year, F-Secure has detected three times the volume of spam of the total amount of malware accumulated over the past 21 years. The company also reports that today’s malware is created by highly organized criminal gangs, using increasingly sophisticated techniques.
In response to this threat, F-Secure has called for better online law enforcement to bring more Internet criminals to justice, such as when the FBI closed down Dark Market, an online marketplace for stolen credit card numbers and illegal Internet services.
F-Secure chief research officer Mikko Hypponen has called for the creation of an “Internetpol” to tackle online crime. “The bottom line today is that too few of the perpetrators get punished,” Hypponen said in a statement. “As a result, we’re sending the wrong message to criminals: here is a way to make lots of money and you will never be caught or punished.”
While AppRiver has summarized the major currents of November spam and malware and F-Secure suggestions on how to stop criminals from profiting from online crime, email and web security services provider MXLogic (www.mxlogic.com) has been making predictions for the new year, noting that Web 2.0 sites, legitimate domains and mobile phones will be likely targets for attack in 2009.
In a special MX Logic Threat Forecast and Report, the “Spammers New Year’s Resolution List” describes the top strategies and tactics the company expects spammers to focus on in the coming year.
These include: harassing users on Facebook, Twitter and MySpace with unsolicited email and malicious links; infecting legitimate websites with hidden, malicious links; giving mobile phone bots a makeover so they are more dangerous to modern mobile devices like the iPhone; creating more nimble and resilient botnets that are less reliant on any single hosting provider or registrar (like McColo); and improve social engineering tactics, based on timely news or events, making campaigns more legitimate looking and difficult to detect.
“Spammers continue to move further away from traditional network-layer attacks, and are focusing more on finding vulnerabilities in Web 2.0 technologies and mobile phones,” MX Logic information security vice president Sam Masiello said in a statement. “Companies need to be ever-vigilant about their security as communication devices, platforms and applications continue to evolve and take new forms.”
