2009 — a Happy New Year for spammers

Expect a resurgence of spam this year as cyber criminals quickly adapt to new policies on “domain tasting” and design more professional-looking messages, cautions the January Spam Report published recently by security firm McAfee Inc.

The shutdown of McColo Corp., a U.S.-based firm that hosted a staggering number of spam command and control centres, immediately cut spam levels by 60 per cent at the end of 2008.

But the reprieve didn’t last long.

Spam volumes started rising again and are currently just around 20–30 per cent less than what they were prior to the McColo shutdown.

Spam will return to its original levels as spam-friendly Web hosting service providers pop up in countries eager to embrace a burgeoning Internet market, said Dave Marcus, security research and communications manager at McAfee Avert Labs in Santa Clara, Calif.

He said free Web hosting sites and blogging services will increasingly be abused by spammers in coming months.  

“With McColo offline, spammers need new ways to send spam cheaply.”   

Free or cheap services – such as Geocities, Blogspot and Live – allow users to create a public Web site without authentication. So they enable spammers to send thousands of messages and post links with very little investment, the McAfee report noted.

It says spam from blogging and other “do-it-yourself Web sites” arrives at the intended destination far more frequently than links pointing to domain names assigned by legit registrars.  

The lack of punitive measures instituted by the Web host and the lure of free bandwidth make these public services very attractive.

Spam is increasingly targeted at corporate executives, the McAfee report says, noting that online networks — such as LinkedIn — are providing hackers much more information on such high-profile persons than ever before.

Such spam will be the channel through which hackers attempt to infiltrate corporate networks and financial data centers and gather sensitive information – which can then be used for blackmail or sold on the underground market.

With data breaches becoming widespread, many corporations will tighten their security policies over the next year — especially as interaction with job seekers over the Web becomes more common, according to the McAfee report.

LinkedIn is often used to post resumes and that network will also be more vulnerable, as the economic downturn has many job seekers feeling stressed and clicking on links they ordinarily would steer clear of. 

Scams promoting home-based business ventures – conducted via e-mail or social networking sites – are also on the rise, McAfee’s Marcus said.

One reason for this is many laid-off persons are looking for new ways to upgrade their skills through quick and easy certification programs, or are more willing to take a temporary job that involves a pay-to-play strategy.

In 2008 scams conducted via social networks — such as Twitter, LinkedIn or Facebook — met with a lot of success. That’s because members of these networks are used to receiving personalized e-mails and wouldn’t be suspicious of links sent to their personal account, Marcus said.

He said social networking is troubling because it provides criminals with a lot of information. “When you receive an e-mail that says ‘dear first name, last name’ along with a message that includes personal details about you, the chances of being fooled – and that spam campaign succeeding – increase.”

2008 also saw a spurt in localized phishing campaigns on college campuses as well as offices, the McAfee report says. E-mails fooled recipients by associating their messages with school finance departments or scholarship committees.

The professionalism of phishing campaigns will continue to increase this year, Marcus said. As in the case of fraudulent Web sites, the verbiage in phishing e-mails has improved as well, easing suspicions about their source.

The upcoming tax season will be a busy time for spammers of every hue.

Marcus notes that one of the most successful ruses cyber crooks have used in the past is to tie spam to current happenings – “whatever is on the collective conscience.”

This year’s tax spam, he says, won’t differ much from the event-based spam we’ve seen in the past, but will have a more professional look.

Spammers will use real logos and the e-mail signatures of corporate tax service companies, along with geography-specific language to personalize their messages.

But we could expect less spam from new, legitimate sites this year because of new rules introduced by the Internet Corporation for Assigned Names and Numbers or ICANN, a non-profit organization that oversees the Internet, Marcus said.

Prior to June 2008, he said, users could engage in “domain tasting.” This meant they had five days after purchasing a domain name to play around with the site. They would receive a full refund if they changed their mind about the purchase within that “grace” period.

Spammers took advantage of this facility by creating thousands of Web pages, sending spam from the new domains and then closing the sites before the five-day grace period elapsed.

ICANN responded by initially creating a 20 cent fee for excess deletes in June 2008, says Craig Schwartz, chief gTLD registry liaison at ICANN.

This dramatically reduced the number of Add Grace Period (AGP) domain name deletes, he said.

For instance, in June of 2008 there were 17.5 million AGP deletes a month across all registries. But after creating the temporary AGP provision for deletions in July, the numbers decreased to 8 million deletes – an 84 per cent reduction in a single month.

The new policy allows users to get a refund on 10 per cent of deletions or 50 domain names – whichever is greater.

The price of $6.86 for a single domain name will deter criminals from abusing this process for spam and continue to have a significant impact on reduction levels, says James Quin, senior research analyst at Info-Tech Research in London, Ont.

However, reduced spam from legitimate domains will mean more spam from other sources, such as free Web hosting sites and blogs, he predicted.

Lowering spam levels from free sites will be the responsibility of the site owners, who need to be good “net citizens”, he said.

Twitter is starting to address this concern after a major security breach of its celebrity accounts recently.

Quin says responding to such issues takes much time and effort – which many sites may be reluctant to invest. “But the few that do it diligently will help reduce security concerns for their users.”

In coming months a great deal of the spam Canadians receive will revolve around the economy and the tax season, the Info-Tech analyst predicted.

He said changing lending practices in the U.S., in particular, will have an effect on credit-related spam. “This may not be as prevalent in Canada because we’re not as restrictive but it is certainly something to look out for.”

Quin said that, as most such spam will originate in the U.S., it will very likely make reference to the Internal Revenue Service (IRS) – a clear signal the message is spam.

The biggest challenge will be continuing to educate Internet users on the dangers of spam, he said. “Every day users need to understand threats, not click on links, not to pay attention to interesting pop ups, or random videos sent to their Inbox.”

With more companies taking direct action against spam senders, it is now in the hands of the public to protect themselves, he said, by not mindlessly clicking around and falling for the same old hacker tricks. 
