Spammers Target Free Hosted Applications in May

MessageLabs today announced the results of its Intelligence Report for May 2008. Analysis highlights that spam levels are back on the increase with levels reaching 76.8 percent of all e-mails in May, heights not experienced since early 2007. The rise in spam, according to MessageLabs, is due to the change of tactics adopted by the spammers this month, moving further away from reliance on new and undetectable e-mail attachments and moving toward the exploitation of free, mainstream hosted services such as Google Docs and Calendar and Microsoft SkyDrive.

"The savvy, intelligent and accurate cybercriminals of today seem to have abandoned the attachments tactic that was so innovative in late 2007 and are now focused on exploiting free hosted applications which have become mainstream in 2008," said Mark Sunner, Chief Security Analyst, MessageLabs. "The spammers are taking advantage of the fact that these services are free, provide ample bandwidth and are rarely blacklisted; this is one more addition to the growing list of ways the spammers have succeeded in outsmarting traditional detection devices."

In May, MessageLabs intercepted spam e-mails which contained links to spam contained in documents hosted on the Google Docs environment. With traditional spam filters not blocking links to the Google Docs domain, spammers are using this to their advantage, as well as tracking their success through the use of Google Analytics. Google Docs is not the only target of this kind on the spammers' radar. They are also using Microsoft's shared file hosting service, SkyDrive. Spam generated using this technique accounted for one percent of all unsolicited mail in May.

In addition to the variety of new spam techniques, several new phishing exploits this month were identitfied, including one which preyed on a bank's environmentally conscious customers. Using the Srizbi botnet to launch the attacks, the phishers took advantage of the Central Bank in Missouri's "Go Green" campaign to lure recipients into sharing their bank details in order to register for eStatements. Also in May, evidence was uncovered of phishing attacks claiming to be from HSBC bank which purported to be a secure connection via an https, however, closer inspection revealed that this was not the case and was actually a standard http link to a domain pretending to be the actual bank.

The battle of the botnets continued this month with the notorious but diminishing champion Storm being challenged by newer arrival, Srizbi. On 19 May, the Storm botnet distributed more than 81,000 copies of a new wave of malware with the amorous filename of iloveyou.exe, whereas Srizbi was deemed responsible for less prolific attacks but still accounted for more than 40 percent of all spam in May.

"If the distribution of malware by Storm this month was successful, we could expect to see a renewed deluge from Storm next month and further competition between Storm and Srizbi," Sunner said.

Other Report Highlights

Web Security: Analysis of Web security activity shows 30.5 percent of all Web-based malware intercepted was new in May, a decrease of 5.8 percent since April. MessageLabs also identified an average of 1,311 new Web sites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of approximately 100 per day compared with the previous month.

Spam: In May 2008, the global ratio of spam in e-mail traffic from new and previously unknown bad sources, was 76.8 percent (1 in 1.30 e-mails), an increase of 3.3 percent on the previous month.

Viruses: The global ratio of e-mail-borne viruses in e-mail traffic from new and previously unknown bad sources, was 1 in 170.1 e-mails (0.59 percent) in May, an increase of 0.13 percent since the previous month.

Phishing: May saw a decrease of 0.11 percent in the proportion of phishing attacks compared with the previous month. One in 265.6 (0.38 percent) e-mails comprised some form of phishing attack. When judged