Spammers attempt to hide their bad reputation through the use of valid or reputed mail servers, mainly web mail accounts, while malware hidden in legitimate sites is on the rise. And spammers continue to use attractive content, like celebrities and doomsday announcements for greater effectiveness.
This are some of the findings of Cyberoam's third quarter e-mail threat trend report, prepared in collaboration with partner Commtouch.
With improving filtering tactics, spammers found new ways to send spam from legitimate mail servers and domains instead of sending e-mail from a known spam IP address or an infected bot server. They are stealing legitimate e-mail senders' credentials, compromising e-mail account enrollment processes and automatically registering thousands of free email accounts mainly by using algorithms to break CAPTCHAs which are meant to eliminate mass automated registrations.
Spam with gruesome videos, doomsday announcements, celebration days, love mails and celebrities made up for massive blended attacks, playing on user psychology and curiosity. Often, the malicious content, including flash spam among others was hosted either on legitimate sites that have been hacked or on popular public platforms like Blogspot or Flickr taking advantage of security solutions' reluctance to generate false positives.
Abhilash Sonwane, vice-president: product management at Cyberoam, comments: "Given the blended nature of attacks, unified security that includes anti-virus, anti-malware and content filtering solutions provide second and third layers of protection by preventing downloads of malware from websites and preventing users from accessing malware-laden sites inadvertently.
"Even though having a strong anti-spam solution at the gateway stops spreading of spamware through official email addresses, malware-linked spam can slip in through personal email ids. Building user awareness and enforcing responsible surfing behavior in corporate networks prevents such threats significantly."
Ironically, spammers also played upon users' desire to defend themselves against web-based threats where an e-mail like firstname.lastname@example.org' was designed to look like a notification of an update to the popular IE7 web browser complete with disclaimer from Microsoft site. Users who clicked on the link were hit with a nasty executable file.
Although reputation-based solutions are continuously improving at blocking zombies, with over 55 % of zombies or bots having a lifespan as short as a single day, the solutions need to be continuously updated to maintain accuracy.
Germany and China showed the fastest zombie IP address turnover at 79 % and 78 % respectively. While Telecom Italia and Verizon remained in the Top 7 zombie hotspot domains, ukrtel and Airtel Broadband are the new entries and Brasil Telecom slipped below the top 10.