Spammers Switch to Compromised Accounts to Reduce Reliance on Botnets
Spammers today favor compromised accounts for sending spam, gradually shifting distribution away from botnets, Commtouch, a company that provides cloud-based Internet security services, recently reported in its quarterly Internet Threats Trend Report , which covers Web threats, phishing, malware and spam. The changed tactic has emerged as spam levels dropped dramatically, following several high-profile botnet takedowns.
“Spammers are trying to out-maneuver IP-based spam blocking techniques as well as law enforcement that have both effectively targeted botnets,” said Amir Lev, Commtouch’s chief technology officer. “They are now using a combination of malware and phishing to compromise legitimate accounts and then using these accounts to send low-volume spam outbreaks.”
On the Web security front, Facebook continued to be abused for attacks as more and more consumers expand their use of the social network. Facebook malware tricked users by promising applications that reveal who was viewing their profiles as well as Osama Bin Laden death videos.
Other malware distribution tactics used during the quarter included:
•Phony IRS “rejected payment” emails
•Fake iPhone 5 notifications
•SEO poisoning
•Malicious scripts within Adobe PDF files
Additional highlights from the July 2011 Trend Report include:
• Spam levels averaged 113 billion spam/phishing messages per day during Q2, the lowest in three years.
• Approximately 377,000 zombies were activated daily during Q2, a significant increase compared to the 258,000 zombies in Q1.
• The most popular spam topic in Q2 was pharmacy ads, although these now represent only 24 percent of all spam, down from 28 percent in Q1.
• India keeps its title as the country with the most zombies – 17 percent of all zombies worldwide.
• Websites featuring pornography and sexually explicit material were the most likely to contain malware.
Commtouch’s quarterly trend report reflects the results of its analysis of billions of Internet transactions daily within the company’s cloud-based GlobalView™ Network.
Commtouch’s Recurrent Pattern Detection, GlobalView technologies and multi-layered Command Antivirus identify and block Internet security threats. More details, including samples and statistics, and a brief presentation summarizing the report are available at:
http://www.commtouch.com/threat-report-July-2011.
NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering.