Spammers Are Planning for the Holidays

Symantec’s October 2009, MessageLabs Intelligence Report, shows how far ahead Spammers plan in order to entrap the unwary web surfer. Just as you are preparing for the holidays, so are the Cybercriminals. As the old saying goes “forewarned is forearmed”, so be prepared.

Courtesy of MessageLabs:

October begins the holiday season and for the next three months, online shopping and research will become a premium for consumers.  Symantec today announced its October 2009 MessageLabs Intelligence Report which reveals the that the spam gangs behind the biggest botnets – Cutwail, Rustock and Donbot – are using the same upcoming major holidays and world events as the themes for their the latest spam runs.

Highlights from the latest report.

Halloween – Trick or treat?  Only 0.5% of spam right now is tied to Halloween – however MessageLabs Intelligence expects approximately 500 MILLION Halloween themed spam emails to be in circulation worldwide, each day, as the holiday approaches this week. The majority of this type of spam links to pharmaceutical or medical spam sites and comes from the Rustock and Donbot botnets.

Thanksgiving and Christmas – Spam from the Cutwail botnet uses both Thanksgiving and Christmas as a theme to sell replica watches. To date, holiday spam accounts for approximately 2% of all spam. More than 2 BILLION Thanksgiving or Christmas-themed spam emails are projected to be in circulation globally each day.

And spammers are even preparing for some of the next big holiday and major events in 2010 already.

Valentine’s Day – MessageLabs Intelligence has already started to see the first runs of St. Valentine’s Day spam, more than 4 months before the occasion. These are being sent from the Cutwail and Rustock botnets, and relate to pharmaceutical and medical spam.

2010 World Cup – Next summer’s soccer games in South Africa have already precipitated a small number of spam messages relating to the event. These are advance-fee fraud or 419-style scams, and they include images of Nelson Mandela and the official FIFA logo.

How successful are these scams? Consumers fall victim to messages like this all the time, fueling an underground economy worth an estimated $105 billion in profit from fraudulent activities.

“As is typical with spammers this time of year, we are seeing them try to capitalize on the holiday season,” said MessageLabs Intelligence Senior Analyst, Paul Wood. “Although they may be a bit overzealous, spamming is a numbers game and the spammers have certainly succeeded with volume thus far. Perhaps their early-bird approach is an attempt to compete with the other botnets and get in early to maximize their chances of success.”

You can read a full copy of the report here.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

MessageLabs Reports Spammers Shortened URLs Cause Business Shut Down

The unlimited power that cyber-crooks exercise over legitimate traffic on the Internet is becoming more evident. Imagine legitimate businesses being forced to cease operations because of cyber-criminals. Unfortunately, given the current “wild west” state of the Internet, this is now a sad reality.

Courtesy MessageLabs Intelligence

According to Symantec’s new MessageLabs Intelligence report, unveiled today, shortened-URL spam continues to be a popular technique for spammers seeking to sell drugs online.

Spammers are taking advantage of the heightened interest in health-related issues such as swine flu and Obama’s healthcare reform, to distribute large shortened-URL spam runs using the powerful Donbot botnet.

In August, the ongoing abuse of shortened-URLs as a delivery mechanism resulted in a number of legitimate URL-shortening services being forced to close their businesses due to their inability to handle the malicious use of their tools.

Shortened-URL spam has had a big impact on users and businesses this month, but it’s not the only technique we’re seeing from the bad guys. Other online threats that should also be on your radar:

Cutwail’s nine lives: On August 1^st, Latvian ISP Real Host was shutdown, causing Cutwail’s activity levels to drop by 90 percent. However, it only took Cutwail a matter of days to recover, demonstrating just how powerful and intelligent this botnet has become.

DDoS attacks on social networks: A number of social networking websites were recently reported to be victims of DDoS attacks. MessageLabs found that the attacks may be linked with a spam run against an anti-Russian blogger.

MessageLabs Intelligence suggests that this small but strategic spam run contributed to the DDoS attacks on these social networking sites. A botnet was also used to conduct the DDoS attack in parallel, with compromised computers under the botnet’s control commanded to open the page of the targeted social networking website.

Old malware comes back to haunt us: MessageLabs Intelligence analysis highlights how cybercriminals are three times as likely to favor repurposing malware across numerous domains rather than developing new tactics. In August, analysis of malware being blocked each day highlights that only 11.9 percent was newly developed malware.

You can find the full MessageLabs Intelligence report here.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

MessageLabs Reports on the Battle of the Botnets

Competition in the cyber-criminal game? You bet – read what MessageLabs Intelligence has to say about competition in the botnet spam business.

Courtesy MessageLabs Intelligence:

The battle of the botnets is on with Donbot, Cutwail and Mega-D all vying for the top spot and sending up to 21 billion spam messages each day, according to MessageLabs Intelligence.

With all three botnets each responsible for distributing 15-20% of all spam globally, the battle was neck and neck.

However, Cutwail was taken out completely for a brief time last weekend (1 August and 2 August) when Latvian ISP Real Host was taken offline while Donbot ramped up its efforts. Cutwail then restored itself to its previous levels overnight and was back in the race by Monday (3 August).

Continuing to focus on spam runs with shortened URLs, first reported by MessageLabs Intelligence in early July, Donbot was responsible for three additional recent spam runs. One of these runs accounted for as much as 9.25 percent of all spam in a single day (28 July).

According to Symantec, spam volumes for that day were 108 billion, so Donbot’s shortened URL spam for that day could have been up to 10 billion spam mails. The email spam subjects indicate that Donbot is focused on pharmacy spam for discount meds.

“Shortened URLs are being seen continuously in spam,” said MessageLabs Intelligence Senior Analyst, Paul Wood. “And at the same time, shortened URL sites are being forced out of business as they get abused to death by spammers. Even sites that are known for using short URLs are taking measures to phase them out or prevent users from posting malicious links generated from these sites.”

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Spammers Go Short – Cut Link Lengths

The presence of shortened URLs in spam has skyrocketed over the past few days and now appears in more than two percent of all spam, according to MessageLabs Intelligence.

With many social networking sites providing character restrictions on status updates and messages, the use of free URL redirection services which turn lengthy web addresses into shortened URLs, is increasing in popularity with spammers for a number of reasons.

According to Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec – “There are literally dozens of websites that offer URL shortening services and spammers have realized that using these services eliminates the need to solve a CAPTCHA or register an account.”

“The newly shortened URLs also help cybercriminals disguise the true destination of where their victims will click through to, posing further risks of entering websites used to conduct drive-by malware attacks as well as spam. Donbot, the botnet responsible for sending approximately five billion spam messages every day, is one of the main culprits using this technique. Links of any size all need to be treated with caution.” Since you are a cautious Internet user, you know that, right?

For more information on email security, checkout MessageLabs Solutions.