90 percent of e-mail is spam, Symantec says

Some spammers are dropping the use of botnets in favor of massive spam blasts

Spammers seem to be working a little bit harder these days, according to Symantec, which reported Tuesday that unsolicited e-mail made up 90.4 percent of messages on corporate networks last month.

That represents a 5.1 percent increase over last month's numbers, but it's nothing out of the ordinary. For years, spam has made up somewhere between 80 percent and 95 percent of all e-mail on the Internet.

Symantec reported that nearly 58 percent of spam is now coming from so-called botnets --networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam. The worst of the spamming botnets -- called Donbot -- generates 18.2 percent of all spam, according to Symantec.

These botnet computers can be rented out on the black market by anybody, but in recent months some spammers have been moving away from botnets, experimenting with a new way to sneak their unwanted e-mail past corporate filters, according to Adam O'Donnell, a researcher with antispam vendor Cloudmark.

"Some of the larger ISPs are seeing a lot of non-bot-driven spam," O'Donnell said. With these campaigns, the spammer will rent legitimate network services, often in an Eastern European country such as Romania, and then blast a large amount of spam at a particular ISP's network. The idea is to push as many messages as possible onto the network before any kind of filtering software detects the incident. Spammers are sending hundreds of thousands of messages per day using this technique, O'Donnell said.

Social networks are also becoming an increasingly important spammer's tool. Over the past week, criminals began taking over both Facebook and Twitter accounts, stealing users' passwords with different phishing attacks.

These stolen accounts are then used to spam the friends of the phishing attack victims.

In the case of the Twitter attack, the hacked accounts were used to send out bogus Twitter messages promoting a free trial of an acai berry dietary supplement. Security experts say that social-networking spam is particularly effective because it can't be filtered at the corporate firewall and appears to come from a friend of the recipient.

Symantec's report can be found here (pdf).

Tags: donbot, spam, symantec, trend micro

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CSO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
CSO Corporate Partners
  • FirEye
  • Clear Swift
  • Trend Micro
  • Sophos
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Fraud Management Solutions

Reduce fraud losses regardless of channel by preventing cybercrime, identity theft, and other threats targeting your customers.

more »

Submit your own security event

Submit your training courses

Security Awareness Tip
Clearswift tips: Guidelines for introducing and policing an effective IT Policy

1. Make it clear that the policy is not about playing ‘Big Brother’ but to ensure the security of employees, company information and data and to safeguard the company’s reputation.
2. Invest time to get buy-in from managers and their teams.
3. Convey the message of flexibility – with regard to social media, it is not about blocking staff usage but working in everyone’s interests to ensure that threats are contained.
4. Introduce a regular company-wide training programme that everyone attends at regular intervals throughout the year, not merely as part of an induction programme.
5. Within the training programme make sure that there are specific examples to demonstrate each rule or regulation, and that there is a clear explanation of the dangers of casual or careless talk on social networking sites. Again use examples, employees need to understand the consequences of raising a throwaway comment that has negative connotations for the business, as much as they need to be aware of dangers of making a more direct but ill-considered attack on a competitor, regulator or even a fellow colleague. They need to be clearly advised on any impact on the company and/or legal action or inquires that may be raised as a result.
6. Alert employees to any changes in policy through regular clear communication.
7. Reinforce the operational policy guidelines regularly, cover everything from blogging to Facebook, LinkedIn and Twitter.
8. Ensure that the rules are fair and that they apply throughout the business.
9. Enforce the rules – if there is a deliberate or malicious contravening, disciplinary action needs to be taken. A policy isn’t worth having if it is seen to be lax and unenforced.
10. Review the policy regularly to ensure you keep up to date with new systems and technology.

Phil Vasic is Regional Director, APAC, at Clearswift, the software security company www.clearswift.com
Security ABC Guides

7 Ways to Protect Your Business Printers

Can a hacker burn down your business by remotely setting one of your printers on fire? Researchers at Columbia University have recently proposed such a scenario, although HP quickly denied that it's possible. However, even if your printers can't be used as remote firestarters, there are many risks involved in networking a printer.

Read More
more »