Spammers seem to be working a little bit harder these days, according to Symantec, which reported Tuesday that unsolicited e-mail made up 90.4 percent of messages on corporate networks last month.
That represents a 5.1 percent increase over last month’s numbers, but it’s nothing out of the ordinary. For years, spam has made up somewhere between 80 percent and 95 percent of all e-mail on the Internet.
Symantec reported that nearly 58 percent of spam is now coming from so-called botnets –networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam. The worst of the spamming botnets — called Donbot — generates 18.2 percent of all spam, according to Symantec.
These botnet computers can be rented out on the black market by anybody, but in recent months some spammers have been moving away from botnets, experimenting with a new way to sneak their unwanted e-mail past corporate filters, according to Adam O’Donnell, a researcher with antispam vendor Cloudmark.
“Some of the larger ISPs are seeing a lot of non-bot-driven spam,” O’Donnell said. With these campaigns, the spammer will rent legitimate network services, often in an Eastern European country such as Romania, and then blast a large amount of spam at a particular ISP’s network. The idea is to push as many messages as possible onto the network before any kind of filtering software detects the incident. Spammers are sending hundreds of thousands of messages per day using this technique, O’Donnell said.
Social networks are also becoming an increasingly important spammer’s tool. Over the past week, criminals began taking over both Facebook and Twitter accounts, stealing users’ passwords with different phishing attacks.
These stolen accounts are then used to spam the friends of the phishing attack victims.
In the case of the Twitter attack, the hacked accounts were used to send out bogus Twitter messages promoting a free trial of an acai berry dietary supplement. Security experts say that social-networking spam is particularly effective because it can’t be filtered at the corporate firewall and appears to come from a friend of the recipient.
Symantec’s report can be found here (pdf).