How Spammers are Sidestepping Traditional Countermeasures
Written by Jeff on July 11, 2013
When spam levels dropped a few months ago, people began wondering whether spam was finally going to meet its end. Of course, most people realized that the lulls in spammer activity weren’t because spammers were getting bored with their business; instead they were the result of botnet takedowns and anti-spam filters using better technologies to stop them.
But anything as profitable as computer-based crime isn’t going to stop when the going gets tough. Spammers have faced challenges before and usually come back with new tactics to spread their junk mail and malware-enhanced messages to their victims. Now, we are starting to see some of the changes they have made.
Compromised Web Hosts
In the past, spammers used armies of compromised desktops to send spam. These botnets ranged in size from 10,000 computers to 30 million. While effective, they drew a great deal of attention to themselves and efforts were made to shut them down and filter email messages that were sent by them. So the spammers stepped it up a notch.
Instead of compromising the desktop, the bad guys started going after web hosts. Web hosts offer attackers a much easier target, as so many sites are set up each day using web applications that give bad guys a way to compromise the site and use the host to send spam. As Malcolm James reports in the post above, spam sent from these hosts is almost four times more likely to bypass anti-spam filters than other types of spam.
Good Spelling and Good Grammar
For a while, phishing and spam emails were easy to spot because there were many spelling and grammatical mistakes. While many of these errors came as a result of non-native English speakers writing these emails, there were many that were intentional, meant to bypass anti-spam filters that relied only on keywords to stop malicious emails before they made it to a victim’s inbox.
Because these mistakes gave potential victims clues that the email wasn’t legitimate, advanced attackers have taken measures to ensure that their messages are free of glaring mistakes. They have countered some of the red flags that are keyword based by sending fewer, but more targeted, emails to their victims instead of blanketing as many email addresses as possible.
Links to Bad Neighborhoods
Malicious emails were, for a long time, focused on marketing products like pharmaceuticals, casinos and online dating services. While emails are still used to promote products, malicious links are starting to be the favorite payload for cyber criminals.
Able to avoid the simple attachment scanning that some anti-spam solutions rely on, an email that contains a link looks harmless to both the technical controls and the recipient. The link, however, doesn’t always take you to a safe place. Attackers, instead of attaching a malicious file to the email, have taken to using links that send potential victims to a web site that exploits the browser and downloads the malware to the computer. In this kind of attack, known as a drive-by download, the victim is rarely aware that their computer has been infected until it is too late.
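To make the gap concrete, here is an added example (not part of the original post) that runs an attachment-only check and a link check over the same message. The sample email, the function names and the heuristic itself (visible link text naming a different host than the real target) are assumptions chosen for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: no attachment, one link whose visible text names another host.
RAW = """\
From: billing@example.com
To: user@example.org
Subject: Your invoice
Content-Type: text/html; charset="utf-8"

<html><body><p>Your invoice is ready:
<a href="http://203.0.113.7/inv/view">https://portal.example.com/invoice</a></p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def attachment_names(msg):
    """Everything an attachment-only scanner would inspect."""
    return [part.get_filename() for part in msg.iter_attachments()]

def suspicious_links(msg):
    """Return (shown host, real host) for links whose text hides the target."""
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = LinkCollector()
    parser.feed(body.get_content())
    pairs = ((urlsplit(t).hostname, urlsplit(h).hostname)
             for h, t in parser.links if "://" in t)
    return [(shown, real) for shown, real in pairs
            if shown and real and shown != real]

MSG = message_from_string(RAW, policy=policy.default)
```

The attachment check has nothing to look at for this message, while the link check reports the mismatch between the host the recipient sees and the host the link actually points to.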
Different Flavors of Spam
Email spam isn’t the only type of spam that is sent nowadays. Scammers have realized that organizations that use reliable anti-spam filters are difficult to exploit, so they have gone down some different paths.
Sending spam through social networks, text messages (SMS) and comment systems has become a fallback for many cyber criminals who don’t have the skills or funds to bypass advanced technical solutions. Luckily, some anti-spam solutions provide controls to help prevent these types of spam as well. Coupled with good education, organizations that use these solutions are doing extremely well in fighting spam.
Spam continues to be a real threat to consumers and businesses because the threat landscape continues to evolve. As spammers continue to get trickier and more dangerous, it is more important than ever to make sure that your organization is doing everything in its power to keep you and your co-workers from being victimized by such an attack.