The Government of Canada recently re-introduced anti-spam legislation, titled the Fighting Internet and Wireless Spam Act (FISA), in the House of Commons. The goal of the proposed legislation is to deter damaging and deceptive forms of spam and help drive spammers out of the country.
FISA is an important step in the ongoing fight against spam. The May 2010 MessageLabs Intelligence Report indicated that, in Canada, 89.4 per cent of email was spam. The global ratio of spam was 90 per cent.
Analysis revealed that nine out of 10 spam emails now contain a URL link in the message. In May, five percent of all domains found in spam URLs belonged to genuine web sites. Of the most frequently used domain names contained in spam URLS, the top four belong to well-known web sites used for social networking, blogging, file sharing and host other forms of user-generated content.
Domains belonging to well-known web sites tend to be recycled and used continuously compared with “disposable” domains which are used for a short period of time and never seen again. This is perhaps because some work is involved in acquiring them: the legitimate domains require CAPTCHAs to be solved to create the large numbers of accounts that are then used by spammers.
While Rustock is the botnet that uses the greatest number of disposable domains, Storm, which has recently returned to the spamming scene, is the only botnet that uses genuine domains in greater number than disposable domains.
Sixty-five per cent of spam from the Storm botnet uses a legitimate domain, many of which are for URL shortening services. Disposable domains are often used quickly after being first registered, and on average, 50 per cent are used within nine days, before spammers switch to newer domains.
Also, MessageLabs Intelligence intercepted a malware attack featuring the theme of The FIFA World Cup competition that starts in June. Composed in Portuguese and featuring the branding of one of the event sponsors, the email was sent from an IP address in Macau, China.
Once downloaded and activated, the malware produces files that generate pop-up messages and in the background collects information on what other machines are on the same network, enabling the attacker further access to the compromised computer.
The May level of email-borne viruses in Canada was one in 230.9, while the global ratio was one in 211.6. Malware may penetrate an organization in many ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives.
The most frequently blocked malware for the last month was the Sality.AE virus, which spreads by infecting executable files and attempts to download potentially malicious files from the Internet.
With spammers and cyber criminals remaining as active as ever, legislation such as FISA can help flush out malicious and illegitimate activities and make sure that Canadian organizations follow better business practices.
Matt Sergeant, is a Senior Anti-Spam Technologist for Symantec Hosted Services