Spammers Target Free Hosted Applications in May

MessageLabs today announced the results of its Intelligence Report for May 2008. Analysis highlights that spam levels are back on the increase with levels reaching 76.8 percent of all e-mails in May, heights not experienced since early 2007. The rise in spam, according to MessageLabs, is due to the change of tactics adopted by the spammers this month, moving further away from reliance on new and undetectable e-mail attachments and moving toward the exploitation of free, mainstream hosted services such as Google Docs and Calendar and Microsoft SkyDrive.

"The savvy, intelligent and accurate cybercriminals of today seem to have abandoned the attachments tactic that was so innovative in late 2007 and are now focused on exploiting free hosted applications which have become mainstream in 2008," said Mark Sunner, Chief Security Analyst, MessageLabs. "The spammers are taking advantage of the fact that these services are free, provide ample bandwidth and are rarely blacklisted; this is one more addition to the growing list of ways the spammers have succeeded in outsmarting traditional detection devices."

In May, MessageLabs intercepted spam e-mails which contained links to spam contained in documents hosted on the Google Docs environment. With traditional spam filters not blocking links to the Google Docs domain, spammers are using this to their advantage, as well as tracking their success through the use of Google Analytics. Google Docs is not the only target of this kind on the spammers' radar. They are also using Microsoft's shared file hosting service, SkyDrive. Spam generated using this technique accounted for one percent of all unsolicited mail in May.

In addition to the variety of new spam techniques, several new phishing exploits this month were identitfied, including one which preyed on a bank's environmentally conscious customers. Using the Srizbi botnet to launch the attacks, the phishers took advantage of the Central Bank in Missouri's "Go Green" campaign to lure recipients into sharing their bank details in order to register for eStatements. Also in May, evidence was uncovered of phishing attacks claiming to be from HSBC bank which purported to be a secure connection via an https, however, closer inspection revealed that this was not the case and was actually a standard http link to a domain pretending to be the actual bank.

The battle of the botnets continued this month with the notorious but diminishing champion Storm being challenged by newer arrival, Srizbi. On 19 May, the Storm botnet distributed more than 81,000 copies of a new wave of malware with the amorous filename of iloveyou.exe, whereas Srizbi was deemed responsible for less prolific attacks but still accounted for more than 40 percent of all spam in May.

"If the distribution of malware by Storm this month was successful, we could expect to see a renewed deluge from Storm next month and further competition between Storm and Srizbi," Sunner said.

Other Report Highlights


Web Security: Analysis of Web security activity shows 30.5 percent of all Web-based malware intercepted was new in May, a decrease of 5.8 percent since April. MessageLabs also identified an average of 1,311 new Web sites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of approximately 100 per day compared with the previous month.

Spam: In May 2008, the global ratio of spam in e-mail traffic from new and previously unknown bad sources, was 76.8 percent (1 in 1.30 e-mails), an increase of 3.3 percent on the previous month.

Viruses: The global ratio of e-mail-borne viruses in e-mail traffic from new and previously unknown bad sources, was 1 in 170.1 e-mails (0.59 percent) in May, an increase of 0.13 percent since the previous month.

Phishing: May saw a decrease of 0.11 percent in the proportion of phishing attacks compared with the previous month. One in 265.6 (0.38 percent) e-mails comprised some form of phishing attack. When judged

as a proportion of all e-mail-borne threats such as viruses and Trojans, the number of phishing e-mails rose by 23.4 percent to 64 percent of all e-mail-borne malware threats intercepted in May.

Geographical Trends:

• In May, Hong Kong remained in the top spot as the most spammed country with spam levels reaching 85.9 percent of all e-mail. The largest increase in spam levels was observed in Singapore, with an increase of 9.7 percent.

• Spam levels increased across almost every region. In the US, levels reached 73.4 percent in May, 77.7 percent in Canada and 71.3 percent in the UK. Germany's spam rate reached 72.8 percent and the 74.3 percent in the Netherlands. Spam levels in Australia were 68.2 percent, 77.8 percent in China and 74.2 percent in Japan.

• Virus activity rose across many countries in May, with the largest increase in France at .40 percent. Switzerland remains the most targeted country for viruses with levels of 1 in 87.6 e-mails.

• Virus levels for the US were 1 in 393.3 and 1 in 193.7 for Canada. In the UK, virus levels were 1 in 101.7 and 1 in 235.6 for Germany. In Australia, virus levels were 1 in 189.9 and 1 in 597.5 for Japan.

Vertical Trends:

• Spam levels rose across all industry sectors in May, with manufacturing remaining the top vertical for spam activity at 83.7 percent. The greatest rise was noted in the non-profit sector, where spam levels rose by 7 percent to 81.3 percent.

• Spam levels for the retail sector were 80 percent, 75.7 percent for public sector and 71.1 percent for finance.

• Virus levels also rose across many industry verticals during May. Accommodation and catering claimed the most virus activity with 1 in 43.8 e-mails infected.

• Virus levels for the finance sector were 1 in 248.2, 1 in 226.7 for IT Services and 1 in 194 for retail.