Spam peaked at 94 percent in Q3 2008

by Steve Ragan - Oct 15 2008, 18:17

Commtouch released its Q3 trending report today. The reputation management company reported that Spam levels peaked at 94 percent of all e-mail in the month of July, with a low of 61 percent earlier this year. The report also outlined the trend of cloaking, which intensified during the third quarter.

Spammers were certainly crafty buggers in the third quarter, finding new ways to send Spam from legit mail servers and domains while taking advantage of the fact they are likely to slip past most e-mail defenses. The method that got the most coverage used by the Spammers is CAPTCHA cracking.

At various points throughout the year, Spammers were reported to be using humans and bots to crack CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) security used by Google’s Gmail, Yahoo, and MSN. There were reports of bots cracking the CAPTCHA code; however, the unique stories centered on the business market that developed.

Humans are now being paid to crack CAPTCHA code, albeit a small wage, but there are whole teams who now do this full time. These cracked CAPTCHA codes are used on legit services like Live.com and Tripod.com to flood the Web with junk mail. This proves once and for all that CAPTCHA is dead, and something stronger needs to replace it. The human element in the cloaking methods also spiked in the number of Phishing attacks where compromised e-mail accounts were used to send Spam.

Blended attacks also gained momentum in July, with gore and mayhem used as a means to load malicious content on computers.

“In late July a massive blended threat attack used the promise of gruesome videos featuring shocking acts of bodily mutilation and human cruelty. Macabre subject lines did the trick, causing users to open the email message,” the report explained.

Some examples of these gore-laced e-mails, which could pass as classic B-Movie titles include the likes of “boy pokes fork into sister’s eye”, “raw footage of snake swallowing horse”, and “man breaks arm in horror fall”.

Each of the e-mails links to  Web sites where Malware, such as XP Anti-Virus or any number of payloads from the “missing codec” pages, is installed.

“Today, blended-threats have become one of the most popular techniques for spam and Malware distribution. Presumably, this is because they are still managing to get past common defense solutions. The web component of blended-threat emails poses the biggest challenge, since often times malicious content is hosted either on legitimate sites that have been hacked or on popular public platforms like BlogSpot or Flickr,” ads the report.

The advice from Commtouch, as well as most vendors, remains the same: Don’t buy the trumped-up headlines you see in the subject line of e-mails, and take care to avoid e-mails asking for personal information.

You can view the full report directly by clicking here.

Around the Web