Spammers Go Old School and Geeky, IM Attacks Increase

According to a recent report released by IT security firm Sophos, September was both good and bad for the battle against spam. The upside was that the overall ratio of infected e-mail hit an all-time low of 0.33%, or just one in 300. However, new threats are rearing their heads at an alarming rate.

In September alone, Sophos was able to detect 4,080 new malware threats, compared to the 1,998 new threats identified in August.

“This clearly indicates that cyber criminals are increasingly moving away from mass mailed attacks in favour of more subtle and menacing attacks, targeted at just a small group of users,” the report said.

Graham Cluley, senior technology consultant for Sophos, added, “The new malware we are detecting can be much more sinister than the old timers that dominate the chart. It often aims to steal sensitive data and information – something which can be extremely damaging to both a company’s reputation and its bottom line.”

As for the tactics spammers are using, McAfee Avert Labs noticed that they are exhibiting a fondness for the past. Earlier in 2006, spammers were using image-based spam messages, which were able to slither past spam filters by altering borders or even a single pixel. Recently, however, spammers have been going back to the old techniques involving Word and HTML-based messages.

Spammers are also cycling through 72% more domains per hour than they were in August, helping them to maneuver past spam filters.

Guy Roberts, development manager at McAfee, said that spammers and those trying to stop them are in a foot race. “If it takes traditional blacklists fifteen to twenty minutes to block a site, then that’s how fast the spammers need to change their URLs. Since domains cost only $6 per registration, the spammer is spending less than $100 for four hours of advertising.”

Technology enthusiasts are also being targeted with “geek spam,” which uses jargon and buzzwords that would be familiar to engineers and other groups immersed in technology-related fields. Words like “cpan,” “xss,” “Java,” and “.NET” are placed in the bodies of these e-mail messages so that they appear to be legitimate e-mail.

Mark Sunner, chief technology officer at MessageLabs, warns that e-mail users could see similarly targeted e-mails soon. “Geek spam is yet another way that the bad guys are evolving their methods and we expect to see an increase in other similarly targeted spam, such as accountants and by using financial terminology,” he said.

In terms of instant messaging attacks, corporate IM security and management company Akonix Systems reports that September was the most active month of the year so far with 64 attacks.

“It seems like hackers go on holiday for the summer and come back with fresh attacks in the fall,” said Chris Boyd, director of malware research at FaceTime Security Labs. FaceTime also saw a jump in IM and IRC-based threats, reporting 87 for the month of September.

Boyd also noted an increasing complexity in the IM malware threats.

Sources:

http://www.clickz.com/showPage.html?page=3623557

http://www.mcafee.com/us/about/press/corporate/2006/20060913_181010_t.html

http://www.sophos.com/pressoffice/news/articles/2006/10/top-ten-virus-september-2006.html

http://www.internetnews.com/xSP/article.php/3635106

http://www.messagelabs.com/portal/server.pt/gateway/PTARGS_0_5882_476_319_-319_43/http%3B/0120-0176-CTC1/publishedcontent/publish/about_us_dotcom_en/news___events/press_releases/DA_173629.html