Spam More Dangerous than Ever
Written by Malcolm James on April 17, 2013
You know, we’ve heard so much over the past two years about the dangerous new onslaught of malware-ridden spam that was just around the corner, we failed to actually notice that we’ve taken the corner and been driving for a while now. Threats of black hat spam have got some of us freaked out by the very scientific (and scary) use of data science methods to create entirely believable personas online. Blackhole 2.0 hit the ground running, a nasty little frontend for anyone who wants to mess up your day by dumping payloads that would shame an African elephant. Botnets like Zeus and Cutwail are alive and well and wreaking mayhem at a computer near you. And the rise of social media spam and new threats on iOS and Android devices leaves us with an uneasy suspicion that the spammers actually have a strategy. Hmm.
Year over year, the numbers of overall spam are on a decline, there’s no arguing that. But while some choose to regard the general reduction in the amount of spam as a victory, others are taking a more grounded approach, pointing out that the numbers don’t mean anything if the spam that’s landing in your inbox is about to nuke you back to the stone age.
The problem: there’s a very real danger here that no one seems to want to discuss, or perhaps more accurately, no one’s outright considered. It’s that collected sigh of relief that occurs when the constant and unwavering bombardments of spam suddenly end. That sudden and deafening silence that occurs only when the screaming stops. The proverbial calm after the storm.
You see, spam filters have gotten so effective that, guess what? They actually work. That’s great news, and that’s exactly what we want out of our spam filters. But what that leaves us with – what gets through the filters and into our inbox – is stuff so nasty and devious that it almost makes one wish for the good ol’ days when we were trashing Viagra ads by the bucketload.
A new report by German security firm A-V Test and a corresponding article by our friends over at The Register may help clear the air for a few of you who have opted for breathing a sigh of relief. Entitled “Spam – More Dangerous than Ever Before,” its title doesn’t leave much doubt as to the conclusions reached by A-V Test.
The firm conducted an 18-month study between August 2011 and February 2013, collecting and analyzing more than a half million spam emails. And the results just aren’t making us feel warm and fuzzy. The conclusion, says A-V Test, is that “the risk posed by spam is higher than ever.” Here are some of the key findings:
- Of some 30,000 emails with attachments, more than a third were laden with malware
- Of 550,000 emails identified as spam, 2.5 percent (14,000) were infected
- About 73 percent of the emails examined contained links that led to fraudulent sites selling counterfeit products
- 1 percent of the links led to malware-infected sites
- The usual offenders turned up as attachment types: SCR, PIF, ZIP, COM, EXE, and BAT, and, of course, PDF and image files continue to be popular payload deliverers
- Almost all spam messages containing ZIP files were infected
- More than 80 percent of all HTML documents in the spam messages were infected
- Although most of the spam messages came from the U.S. (roughly 43 percent), only 15 percent of those were infected
- 78 percent of spam messages from India were infected
- 77 percent of spam messages from Vietnam were infected
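The attachment findings above translate directly into a gateway-side check. The following Python sketch is an added example, not part of the A-V Test report or the original article: it flags attachments whose names end in the executable extensions listed, and looks inside ZIP attachments for the same. The function names and the sample message are constructed for illustration; PDF, image and HTML attachments need content scanning and are not judged by name here.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Executable extensions named in the findings above (ZIP is handled separately).
EXECUTABLE_EXTS = {"scr", "pif", "com", "exe", "bat"}

def risky_name(filename):
    """Return a reason if the name ends in an executable extension, else None."""
    # Drop any archive directory prefix and the trailing dots/spaces Windows ignores.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    parts = base.split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    # "invoice.pdf.exe" looks like a document when extensions are hidden.
    return "double extension" if len(parts) > 2 else "executable extension"

def screen_message(raw_bytes):
    """Return (attachment name, reason) findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if reason := risky_name(name):
            findings.append((name, reason))
        elif name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for info in zf.infolist():
                        if info.flag_bits & 0x1:  # encrypted: contents cannot be scanned
                            findings.append((name, "encrypted member"))
                        elif risky_name(info.filename):
                            findings.append((name, "contains " + info.filename))
            except zipfile.BadZipFile:
                findings.append((name, "malformed archive"))
    return findings

def build_sample():
    """Constructed message: a text file, a ZIP holding a .scr, a double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/holiday.scr", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment("hello", filename="notes.txt")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="order.zip")
    msg.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    return msg.as_bytes()
```

Calling `screen_message(build_sample())` reports the ZIP and the double-extension file and passes the plain text attachment.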
Perhaps what’s most telling – and disturbing – about the study’s findings is how prevalent botnet infections are in office environments. A-V Test found that 25 percent of botnet activity came from businesses! They came to this conclusion based on some nifty reasoning:
“The results of the test showed that the amount of spam sent remained extremely consistent from Monday to Friday before reducing to 25 percent at the weekend, namely on Saturday and Sunday. The study therefore proves that 25 percent of all spambots are located in offices, where they are switched off at the weekend. The amount of spam sent then increases straight away on the Monday after the weekend.”
It must have been pretty eerie to observe that phenomenon unfold in real time and come to the understanding of what was going on.
All in all, it’s a pretty revealing study, and if nothing else, it gives us reason to bolster our paranoia. A-V Test even includes complimentary botnet checking (found near the end of the report), so this might be a good opportunity to see if any of your systems are infected.