Vulnerabilities / Threats
7/1/2009
04:10 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Sees Spam Surging

Spam, like movie zombies, just keeps coming. Despite the closure of spam ISPs, unwanted messages continue to spread.

Spam continues to proliferate, despite the shutdown of major spam sources.

Google reports that the average volume of spam messages in the second quarter of 2009 was 53% higher than it was in first quarter of the year.

MX Logic, a Web and e-mail security company, reports a more significant increase during that period: It says spam volume increased 51% in June, 35% in May, and 40% in April. The company says that spam as an overall percentage of e-mail volume is at its highest point since December 2006 when image-based spam was at its peak.

There have been some recent declines in spam volume, prompted by the closure of ISPs hosting spam-related infrastructure. But those declines have swiftly been reversed as new spammers have stepped in to fill the void.

According to Amanda Kleha, a member of Google's message security team, the closure of the ISP McColo in November led to a 70% drop in spam volume. But within four months, as she explained in a blog post on Wednesday, spam volume had recovered.

Another ISP that served spammers, 3FN or Pricewert, was shut down by the FTC on June 4. Kleha says that reduced spam volume by 30%. "[I]t also created an open invitation for opportunistic spammers to once again seize a market opportunity," she said.

Since then, spammers have pushed spam volume up 14% from levels seen following the 3FN closure.

Kleha notes that spammers have recently been revisiting retro spam techniques. These include newsletters sent out with malicious links and images and image spam, which was big in 2007 but has declined as security vendors adapted. She speculates that this resurgence of old-style spam may reflect newcomers entering the business. She also acknowledges the possibility that it may be a way of testing the scope of current spam defenses.

June also saw a resurgence of payload viruses, otherwise known as malicious e-mail attachments. Kleha sees this as an effort by spammers to expand their botnets.

MX Logic expects that the coming July 4 holiday in the U.S. will prompt holiday-themed attacks.

Black Hat is like no other security conference. It happens in Las Vegas, July 25-30. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.