Why Phishers Use Spamming Out & Other Spam Facts

Phishing and malware attacks are dangerous to computer and Internet users no matter how the attackers orchestrate them. By "spamming out," phishers deceive Internet users more effectively. Unfortunately, this results in usually vigilant users giving out sensitive information or clicking on malware-laden emails and attachments, even when they know better.

In fact, according to a report by the Anti-Phishing Working Group (APWG), more than 45 percent of all phishing attacks in the first half of 2011 were effective in stealing specific sensitive data from users by installing malware. Two recent spammed-out attacks against Adobe customers are examples of why this method is so successful and dangerous. Let us look at what spamming out is and at what else Internet users should know about spam and phishing.

What is “spamming out?”

Phishers use spamming out to distribute phishing emails, that is, fake emails containing malicious links, malicious attachments, or both. The aim is to attack users as fast as possible and with as much reach as possible before anyone catches on to their maliciousness. Many of the spamming out attacks this year focused on Adobe and Java customers, according to an M86 Security Labs Recap Report for the first half of 2011. In fact, two recent attacks included spammed out emails to Adobe InDesign, Adobe Reader, and X Suite Advanced customers, according to Sophos. The attacks appeared to be from Adobe Inc. customer service representatives, and contained either a fake license key or a fake upgrade.

Why does spamming out work?

Spamming out a phishing attack lets attackers send the largest number of emails in the shortest possible time, which is why attackers have great success with it. Spamming out increases the chances that targeted account users receive the email, click on the malicious links, and visit the malicious websites. Heavy users are typically less susceptible, but as more and more phishing emails appear real, even the most skeptical Internet users become susceptible, especially as more people take less time to examine emails.

How Prevalent are Spamming out and Botnets?

Spamming out allows as much malware to be distributed as possible, and the malware compromises the users’ computers. This adds the computers to an existing botnet or creates a new one. Compromised computers are called zombie computers, and it is the zombie computers that send the spam.

According to M86 Security Labs, servers in the United States played host to 32.4 percent of all phishers and spammers in 2011, making the U.S. the top spam host of the year, even though this number had decreased from 2010 by 10 percent. The top nine countries after the U.S. in 2011 were China, Germany, United Kingdom, Russian Federation, France, Italy, Brazil, the Netherlands, and Canada.

Because Microsoft was able to disable the Rustock botnet in March 2011, and because the SpamIt.com botnet network was disabled in September of 2011, spammed out emails dropped by 90 percent as of June of 2011, according to M86. However, spambots and botnets still comprise more than 93 percent of all spamming out attacks and botnets worldwide. Without Rustock, Donbot sends 22.4 percent and Lethic sends 17.4 percent of spam. Other prolific spambots as of June 2011 included CutWail1, Maazben, Xarvester, and a few others.

Attackers are able to deceive users by spoofing real company logos and email addresses, among other legitimate information, so users might think the emails are legitimate. While many attackers go to endless lengths and make spam look legitimate, if an email winds up in a user’s spam box, chances are it is spam and the email should stay there. When in doubt, always confirm with the company in question by contacting it directly from its website.

Sources:

“Tracking Spam Botnets,” M86

“Security Labs Recap Report 1H2011,” (PDF) M86

“Phishing Activity Trends First Half Report 2011,” APWG

Richard Boscovich, “Taking Down Botnets: Microsoft and the Rustock Botnet,” Technet

Graham Cluley, “Adobe InDesign License Key Malware Attack Spammed Out,” Sophos

Graham Cluley, “Beware Adobe Software Upgrade Notification – Malware Attached,” Sophos

