New spammer tactics – compromised accounts now favored

In July’s Internet Threats Trend Report we describe our observations about spam and malware behavior over the past 3 months including:

  • The lowest spam levels in over 3 years
  • Huge email-borne malware outbreaks
  • Double the number of zombies activated daily
  • Greater use of compromised accounts to send spam

The new spammer tactic therefore calls for the use of compromised accounts to send spam as opposed to using botnets. Spam from compromised accounts is more difficult to block for anti-spam technologies that rely solely on IP-address-based rules, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail). One of the primary aims of the larger malware outbreaks and phishing attacks of this quarter is therefore to acquire enough compromised accounts to make spamming viable.

Having observed greater use of compromised accounts, we did some research into the use of compromised accounts for spam.  We looked at spam “from” Gmail and Hotmail and divided it into 2 groups:

  • Spam sent from a zombie with a phony Gmail or Hotmail address in the from field
  • Or, spam sent from a compromised or spammer account at Gmail or Hotmail

As shown, almost 30% of the spam from Hotmail actually comes from compromised or spammer Hotmail accounts.  Gmail spam, on the other hand, is mostly from zombies that simply forge their Gmail addresses.
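One way to make the same two-way split on a receiving mail server, as an added example (not code from the Trend Report or from Commtouch). It assumes the local MTA stamps an `Authentication-Results` header under the hypothetical authserv-id `mx.example.net`; the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROVIDERS = {"gmail.com", "hotmail.com"}  # the two providers the post studied
TRUSTED_AUTHSERV = "mx.example.net"       # assumption: authserv-id of our own MTA
PASS_PATTERNS = (                         # a pass must name the domain it vouches for
    r"dkim=pass\b[^;]*header\.d=([\w.-]+)",
    r"spf=pass\b[^;]*smtp\.mailfrom=(?:[^@\s;]*@)?([\w.-]+)",
)

def trusted_auth_results(msg):
    """Yield Authentication-Results stamped by our own MTA; a sender can
    inject look-alike headers, so every other authserv-id is ignored."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            yield " ".join(results.split()).lower()  # undo header folding

def classify(raw):
    """Return 'provider_account', 'forged_from' or 'other' for one message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in PROVIDERS:
        return "other"
    for results in trusted_auth_results(msg):
        for pattern in PASS_PATTERNS:
            hit = re.search(pattern, results)
            if hit and hit.group(1) == domain:
                return "provider_account"   # really left the provider's servers
    return "forged_from"                    # provider name only in the From field

# Constructed sample messages (not real traffic).
ZOMBIE = (
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=gmail.com;\n"
    " dkim=none\n"
    "Authentication-Results: mx.google.com; dkim=pass header.d=gmail.com\n"
    "From: Alice <alice@gmail.com>\nSubject: cheap meds\n\nbody\n")
ACCOUNT = (
    "Authentication-Results: mx.example.net; spf=pass\n"
    " smtp.mailfrom=bob@hotmail.com; dkim=pass header.d=hotmail.com\n"
    "From: Bob <bob@hotmail.com>\nSubject: cheap meds\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("zombie", ZOMBIE), ("account", ACCOUNT)):
        print(name, classify(raw))
```

A `provider_account` result is the hard case described above: the sending IP and domain both look legitimate, so the spam verdict has to come from something other than IP-based rules.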

On the Web security front, Facebook continued to be abused for attacks as more and more consumers expand their use of the social network.  Facebook malware tricked users by promising applications that reveal who was viewing their profiles as well as Osama Bin Laden death videos.  Other malware distribution tactics used during the quarter included:

  • Phony IRS “rejected payment” emails
  • Fake iPhone 5 notifications
  • SEO poisoning
  • Malicious scripts within Adobe PDF files

Additional highlights from the July 2011 Trend Report include:

  • The most popular spam topic in Q2 was pharmacy ads, although these now represent only 24% of all spam, down from 28% in Q1.
  • India keeps its title as the country with the most zombies – 17% of all zombies worldwide.
  • Websites featuring pornography and sexually explicit material were the most likely to contain malware.

A brief presentation of the Trend Report is also available.

 
