In-Depth

Security: Spam for the Holidays

This year, spammers are more proactive than ever, and that has some security researchers worried.

• By Stephen Swoyer
• 11/10/2009

It seems as if the sharp decline in spam volumes that attended last November's shutdown of the notorious McColo hosting provider has come to an end. Spam levels increased steadily in both August and September (see: http://esj.com/articles/2009/10/20/state-of-spam.aspx), a trend that continued in October, according to the latest research.

With the holidays -- long a fruitful phishing ground for spammers and other malcontents -- fast approaching, spam levels seem to have rebounded to pre-McColo levels, and that has some security researchers worried.

Spam accounted for 88.1 percent of all e-mail volume in October, an increase of 1.7 percent over September, which in turn saw increased spam volume relative to August. With Halloween, Thanksgiving, Christmas, Boxing Day, and New Years on tap, researchers warn, spam levels will increase further still.

Halloween -- not Thanksgiving -- marks the official start of the holiday spam season, according to researchers with messaging security specialist (and Symantec Corp. subsidiary) MessageLabs.

They estimate that Halloween-themed spam traffic will exceed 500 million messages daily in the week or two prior to Halloween.

That's just the beginning. Spammers are nothing if not proactive, MessageLabs researchers note; like many retail shops, they're already pitching Thanksgiving- and Christmas- and even Valentine's Day-themed mal-mailings. "Thanksgiving and Christmas are both important times in the spammers' calendars, and MessageLabs Intelligence has already identified a significant number of spam messages relating to these holidays," write MessageLabs researchers.

"To date, [holiday-related mailings] accounts for approximately 2 percent of all spam. More than 2 billion Thanksgiving- or Christmas-themed spam e-mails are projected to be in circulation globally each day," they continue. "It is worth noting that MessageLabs Intelligence has also been tracking the first runs of St. Valentine's Day spam more than 3 months before the occasion on 14 February 2010. Again sent from the Cutwail and Rustock botnets, these spam messages relate to pharmaceutical and medical spam."

There's a bright spot, however: phishing attacks in the English-speaking world are less prevalent. One possible explanation, researchers say, is that fewer trusted phishing toolkits are readily available. Call it a case of malware biting its malicious architects.

"Toolkits such as Zbot or Zeus used to be preferential for those cyber criminals who could afford to buy them, until they fell into the public domain and became plagued by hidden backdoor Trojans. The Zeus toolkit can be used to create highly customized botnets, phishing attacks, and identify theft and other malicious activities," researchers write.

On the other hand, phishing activity in non-English-language mailings is almost certainly increasing, researchers note. Meanwhile, phishers appear to be broadening the scope of their attacks, targeting Web-based e-mail services in addition to bread-and-butter financial services. "Phishing attacks in languages other than English appear to be increasing, and languages such as French and Italian are becoming increasingly popular for phishing attacks," they indicate.

"Although the Financial sector is the most common target of phishing attacks, online services such as Web-based email are also popular. The reason for this is perhaps the widespread use of e-mail addresses being used to authenticate other sites, especially social networking sites, online retailers, and auction sites."