Spammers Switch to Compromised Accounts to Reduce Reliance on Botnets

  • Jul 13, 2011

Spammers today favor compromised accounts for sending spam, gradually shifting distribution away from botnets, Commtouch, a company that provides cloud-based Internet security services, recently reported in its quarterly Internet Threats Trend Report , which covers Web threats, phishing, malware and spam. The changed tactic has emerged as spam levels dropped dramatically, following several high-profile botnet takedowns.

“Spammers are trying to out-maneuver IP-based spam blocking techniques as well as law enforcement that have both effectively targeted botnets,” said Amir Lev, Commtouch’s chief technology officer. “They are now using a combination of malware and phishing to compromise legitimate accounts and then using these accounts to send low-volume spam outbreaks.”

On the Web security front, Facebook continued to be abused for attacks as more and more consumers expand their use of the social network.  Facebook malware tricked users by promising applications that reveal who was viewing their profiles as well as Osama Bin Laden death videos. 

Other malware distribution tactics used during the quarter included:

•Phony IRS “rejected payment” emails
•Fake iPhone 5 notifications
•SEO poisoning
•Malicious scripts within Adobe PDF files

Additional highlights from the July 2011 Trend Report include:

• Spam levels averaged 113 billion spam/phishing messages per day during Q2, the lowest in three years. 
• Approximately 377,000 zombies were activated daily during Q2, a significant increase compared to the 258,000 zombies in Q1.
• The most popular spam topic in Q2 was pharmacy ads, although these now represent only 24 percent of all spam, down from 28 percent in Q1.
• India keeps its title as the country with the most zombies – 17 percent of all zombies worldwide.
• Websites featuring pornography and sexually explicit material were the most likely to contain malware.

Commtouch’s quarterly trend report reflects the results of its analysis of billions of Internet transactions daily within the company’s cloud-based GlobalView™ Network.

Commtouch’s Recurrent Pattern Detection, GlobalView technologies and multi-layered Command Antivirus identify and block Internet security threats.  More details, including samples and statistics, and a brief presentation summarizing the report are available at:
http://www.commtouch.com/threat-report-July-2011

NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3