MessageLabs Intelligence Report for May 2009 from Symantec
Symantec, company that specializes in providing Internet security, antivirus and antispyware security solutions for the home user, has announced the publication of its May 2009 MessageLabs Intelligence Report. Security experts from the aforementioned company studied the spam trends for the month of May and reached the conclusion that spam traffic levels increased by 5.1% since last month – that may not seem like a very large percentage, but with this increase spam levels have reached a staggering 90.4%.
According to the May 2009 MessageLabs Intelligence report, the spam messages that were picked up by Symantec include a simple piece of text and a valid link – no elaborate text trying to persuade you to click the link, just something simple and to the point. Clicking the link would lead the user to an active profile on a social networking site; these profiles were undoubtedly created using random names and automated CAPTCHA-breaking tools.
“As spam levels continue to increase, we are seeing existing attack techniques combine and morph into one. In 2008 CAPTCHA-breaking, social networking spam and the use of webmail for spamming all became popular tactics. Today, the bad guys are using the three together as a triple threat to heighten the effectiveness of their spamming,” explained MessageLabs Intelligence Senior Analyst with Symantec, Paul Wood.
On top of this, spammers used valid webmail providers, meaning that the spam was not spoofed, as has been the case in the past. The security experts at Symantec also observed that receiving spam in May was determined by the user’s geographic location: the user would get spam messages at a certain time of day, according to his geographical location. In the US of A for example, the user would typically get spam messages in his inbox between 9AM and 10AM; spam messages are sent out all day long, but during those hours the levels of spam traffic peak. A European user would see a steady stream of spam throughout the entire work day, while users from the Asia-Pacific region will receive few spam messages throughout the day since their inbox is already full when they start the work day.
Paul Wood again: “These patterns suggest that spammers are more active during the US working day. This could be because most active spammers are based in the US, according to data from Spamhaus, or because this is when the spammers’ largest target audience is online and likely to respond.”
According to the May 2009 MessageLabs Intelligence Report, the number of sites hosting malware declined from 3,561 in April to 1,1149 in May. The startling part is that 84.6% of sites blocked because they hosted malware were reputable, more than 1 year old sites.
“Spammers using better-known and thus more widely trusted web sites to host malware is reminiscent of the spammers who rely on well-known webmail and social networking environments to host spam content,” explains Paul Wood. “The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious – a temporary site set up with the sole purpose of distributing spam and malware – and thus faster to get shutdown.”
Additional details about the May 2009 MessageLabs Intelligence Report are available here.
If you would like to take a look at the report yourself, a download location is available here (PDF warning).
According to the May 2009 MessageLabs Intelligence report, the spam messages that were picked up by Symantec include a simple piece of text and a valid link – no elaborate text trying to persuade you to click the link, just something simple and to the point. Clicking the link would lead the user to an active profile on a social networking site; these profiles were undoubtedly created using random names and automated CAPTCHA-breaking tools.
“As spam levels continue to increase, we are seeing existing attack techniques combine and morph into one. In 2008 CAPTCHA-breaking, social networking spam and the use of webmail for spamming all became popular tactics. Today, the bad guys are using the three together as a triple threat to heighten the effectiveness of their spamming,” explained MessageLabs Intelligence Senior Analyst with Symantec, Paul Wood.
On top of this, spammers used valid webmail providers, meaning that the spam was not spoofed, as has been the case in the past. The security experts at Symantec also observed that receiving spam in May was determined by the user’s geographic location: the user would get spam messages at a certain time of day, according to his geographical location. In the US of A for example, the user would typically get spam messages in his inbox between 9AM and 10AM; spam messages are sent out all day long, but during those hours the levels of spam traffic peak. A European user would see a steady stream of spam throughout the entire work day, while users from the Asia-Pacific region will receive few spam messages throughout the day since their inbox is already full when they start the work day.
Paul Wood again: “These patterns suggest that spammers are more active during the US working day. This could be because most active spammers are based in the US, according to data from Spamhaus, or because this is when the spammers’ largest target audience is online and likely to respond.”
According to the May 2009 MessageLabs Intelligence Report, the number of sites hosting malware declined from 3,561 in April to 1,1149 in May. The startling part is that 84.6% of sites blocked because they hosted malware were reputable, more than 1 year old sites.
“Spammers using better-known and thus more widely trusted web sites to host malware is reminiscent of the spammers who rely on well-known webmail and social networking environments to host spam content,” explains Paul Wood. “The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious – a temporary site set up with the sole purpose of distributing spam and malware – and thus faster to get shutdown.”
Additional details about the May 2009 MessageLabs Intelligence Report are available here.
If you would like to take a look at the report yourself, a download location is available here (PDF warning).
