 |
 |
 |
|
 |
|
 |
| ||||
| ||||
|
 | |||||||||
|
At its peak in January 2007, Symantec estimated that image spam accounted for 52 per cent of all spam. In June, almost 15 per cent of spam was image spam.
"The analysis we've done really shows that vendors have done a better job at stopping image-based attacks," said Doug Bowers, senior director of anti-abuse engineering with Symantec.
However, despite the decrease image spammers have not gone away with Symantec reporting the increase emergence of PDF image spam in July. The first variant of this new spam e-mail had a PDF attached purporting to be a legitimate stock newsletter. This newsletter does not follow the normal rules of images typically used in spam. For example, the newsletter looks professional and does not contain any noise or distortions that would normally be associated with image spam. In the second variant, the PDF attached to the e-mail contained a stock spam image. This approach is very similar to image spam attacks focusing on stocks. The goal is to evade anti-spam filters, which depend on being able to "read" the text of a message. This variant of PDF image spam was targeted to over 30 million end users between June 17 and June 27 of 2007.
Bowers said protecting oneself from this new form of image spam comes down to being aware that spam messages out there are now using the PDF format and hopefully users have anti-spam technology in place that is doing an effective at job blocking these new kind of attacks.
While image spam was decreasing, scams and fraud spam increased from nine per cent in March to 14 per cent in June. One such fraud spam that was observed in June was a spam attack that claimed to offer free money to a business, "hassle-free." The recipient was directed to call a number to turn this "dream into a reality". This spam e-mail was targeted to over 32 million end users over a 20-day period in June.
"When we see a category increase, it means spammers are making money off it," said Bowers. He added that users need to be smart when receiving such spam and understand that these messages, no matter how topical, can be a scam and having the right anti-spam solution will help keep those spam message out of inboxes.
Other highlights of the report noted a decline in health spam from 23 per cent in March to 13 per cent in June. Symantec did notice that this year's Wimbledon tournament, which started on June 25, was used to lure recipients into a medical spam e-mail.
Bowers believed that decrease in health spam can be attributed to the lack of profits spammers are making off them.
The Symantec report also noted that directory harvest attacks (DHA) have taken on a different level. A DHA is an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database. Symantec recently observed a simplified version of a DHA. Using the premise of being a casual acquaintance, the recipient was asked if they were still at that e-mail address and if they could e-mail the sender to receive an important message.
"Users can get confuse when see this kind of message [because it is] not promoting a product so they think it is harmless to see what happens," said Bowers. He added that if users see a message like this, even if it is not offering something it can be harmful as it reveals that the e-mail address is connected to a real person.
A solution to a DHA is using anti-spam products such as ones from Symantec uses intelligence to look for patterns of someone trying random e-mail addresses associated with a domain and block it once it realizes it is a DHA.
As for next month, Bower said that he sees spammers feeling out what techniques are going to increase their delivery rate the most in order to get spam messages through.
|
|
|||||||
| |||||||||
|
home | feedback | printer friendly version | email this article
©2009 Integrated mar.com Corporation | 1.800.465.2059 |
|
|||||||
 | |
1,460 | |
 | |
419,343 | |
 | |
44,781,455 | |
 | |
$49,567,397,483 | |
 | |