Spammers Defeat Google

Google has met its match. Analysis of spam by men with machines has shown that 4.6% of all spam originates from Web mail-based services, and the proportion of spam from Gmail increased two-fold, from 1.3% in January to 2.6% in February, mainly promoting adult-oriented Web sites. Yahoo! Mail was the most abused Web mail service, responsible for sending 88.7% of all Web mail-based spam.

Hackers have recently relied on new techniques for evading spam detection that involve computationally solving anti-spam CAPTCHAs, mechanisms designed to eliminate the automated sign-up tools used by spammers by requiring the user to perform a task that can only be performed by a human.

Once hackers develop a computational method with a 20% to 30% success rate, they can use their botnets to create unlimited numbers of accounts on compromised services for spamming and phishing. Yahoo! Mail and Hotmail CAPTCHAs were first broken in July 2007. The increase in spam from Gmail this month may be indicative of similar success.

There are several approaches a spammer can take to defeat a CAPTCHA. Whether they do so using an algorithm, a ‘mechanical turk’ or a combination of the two, e-mail providers are feeling the pressure to keep pace but are limited to what a human can realistically solve, creating ever more doubt about the long-term effectiveness of the CAPTCHA as a security mechanism for protecting email services from abuse.

Also in February, targeted Trojan attacks increased to approximately 30 per day, an increase of around 200% since the end of 2007. These attacks focus specifically on small numbers of targets in each incident, thus keeping below the radar of the wider security industry. One particular attack this month involved up to 900 targeted Trojans, primarily intended for named senior business executives worldwide, and made use of multiple attack vectors including compromised websites and malicious downloads.

It’s obvious online shifties are going to greater lengths than ever before to reach their targets. Not only are we seeing a significant increase in the number of targeted Trojan attacks, but they often appear to be based on prior intelligence gathered about their targets. At the same time though, more and more businesses are protecting themselves against potential threats by only allowing employees to access pre-approved Web sites.

In fact, there’s an increase in the number of Web sites blocked by businesses because they did not fall within an allowed list, rising by 12.9% from last month. By blocking unclassified Web sites, businesses can safeguard themselves against both new and existing potential threats. This is especially true of those Web sites that appear and disappear within 24 to 48 hours, which are often used for phishing, spam, Trojans and other fraudulent activities. In fact, 62.2% of all Web-based viruses and 82.5% of all spyware and adware were from this kind of Web site.

The Storm botnet has also continued to be a significant force in driving spam in February. For the first time it has been used to send spam touting VXPL, a drug promising male sex organ enlargement (don’t bother, I’ve tried it and it doesn’t work -Ed!), and nicotine patches, likely tapping into a seasonal increase in smokers trying to quit. At the same time, there was an increase in activity from Storm to further compromise computers, making up more than 96% of this month’s email-borne malware linking to malicious sites.
