Vulnerabilities / Threats
7/1/2009
04:10 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Sees Spam Surging

Spam, like movie zombies, just keeps coming. Despite the closure of spam ISPs, unwanted messages continue to spread.

Spam continues to proliferate, despite the shutdown of major spam sources.

Google reports that the average volume of spam messages in the second quarter of 2009 was 53% higher than it was in first quarter of the year.

MX Logic, a Web and e-mail security company, reports a more significant increase during that period: It says spam volume increased 51% in June, 35% in May, and 40% in April. The company says that spam as an overall percentage of e-mail volume is at its highest point since December 2006 when image-based spam was at its peak.

There have been some recent declines in spam volume, prompted by the closure of ISPs hosting spam-related infrastructure. But those declines have swiftly been reversed as new spammers have stepped in to fill the void.

According to Amanda Kleha, a member of Google's message security team, the closure of the ISP McColo in November led to a 70% drop in spam volume. But within four months, as she explained in a blog post on Wednesday, spam volume had recovered.

Another ISP that served spammers, 3FN or Pricewert, was shut down by the FTC on June 4. Kleha says that reduced spam volume by 30%. "[I]t also created an open invitation for opportunistic spammers to once again seize a market opportunity," she said.

Since then, spammers have pushed spam volume up 14% from levels seen following the 3FN closure.

Kleha notes that spammers have recently been revisiting retro spam techniques. These include newsletters sent out with malicious links and images and image spam, which was big in 2007 but has declined as security vendors adapted. She speculates that this resurgence of old-style spam may reflect newcomers entering the business. She also acknowledges the possibility that it may be a way of testing the scope of current spam defenses.

June also saw a resurgence of payload viruses, otherwise known as malicious e-mail attachments. Kleha sees this as an effort by spammers to expand their botnets.

MX Logic expects that the coming July 4 holiday in the U.S. will prompt holiday-themed attacks.

Black Hat is like no other security conference. It happens in Las Vegas, July 25-30. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1774
Published: 2015-04-28
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

CVE-2015-1863
Published: 2015-04-28
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

CVE-2015-3340
Published: 2015-04-28
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.