When Microsoft slayed the notorious botnet Rustock, which had beensending as much as 40 percent of all spam worldwide, in March 2011,it forced the volume of spam into a decline from which it has neverfully recovered. But while spammers lost a major weapon in their arsenal with theRustock seizure, they have proven adept at changing their tactics.In the last few years, security experts say, spammers have embracedmore sophisticated means of tricking users into following links.They have also followed users from email onto social networks. At its peak in late 2008, spam accounted for more than 90 percentof all email sent in the world, with more than 5 trillion spammessages sent each week. In 2011, spam accounted for about 75percent of email with roughly 294 billion messages a week,according to Symantec's 2011 Internet Security Threat Report. Spammers have seen their incomes fall since boom times, but themajor players can still make a million dollars a year from eachmajor advertising client, according to Stefan Savage, a Universityof California San Diego computer scientist whose research intopharmaceutical spam has provided some of the most concreteinformation available about the underground spam economy. Of course, in the spam world, as in the real world, not everybodyis a big dog. "There are a small number of people who make a lot of money andthen it drops off precipitously," said Savage. The money lining spammers' pockets comes from average people whogive in to the temptation to buy cut-rate Viagra, or a fake Rolex,or perhaps a discounted cancer drug that they can't afford anyother way. In most cases, spam experts say, the suckers receive aproduct -- it may or may not work, but they do get something in themail. About three quarters of all spam messages promote realproducts. A spammer gets a 35-50 percent commission for each purchase made ona website that comes via a custom link that identifies him or heras the source of traffic. The spammer generally commandeers more ofthe profit than the seller, according to Savage. In order to makesuch an arrangement, the product must have a high profit margin tobegin with, which explains why unlicensed generic drugs,pornography, pirated software and casinos are popular topics ofspam email. To send out his messages, a spammer uses a stockpile of bogus emailaccounts he and his associates have hacked into or created for thepurpose. They might also purchase valid accounts. The going rate,according to Savage's research, is 1 cent for a Hotmail account and7 cents for a Gmail account. Spammers organize such transactions onunderground forums such as BlackHatWorld, over Internet relay chat,or even on mainstream websites like Freelance.com. Spammers also often purchase lists of would-be recipients' emailaddresses. Cybercriminals gather these addresses using key loggingsoftware on infected computers or by scraping them out of acompromised database on another website. They may download PDFsthat contain addresses and pay lackeys to enter them into adatabase. A tried and true technique involves crawling the Web insearch of email addresses. The least sophisticated technique issimply to guess: A common name at any domain will probably work,for example. An A-list spammer likely controls his own botnet using a servercalled a command-and-control center. If a spammer doesn't control abotnet, he will have to rent one to fire off his emails. "Botnets are the ultimate tools of trade in the cyber-crimeecosystem and are capitalized in many ways, but what's common isthe fact that the botmasters always get the lion's share," CatalinCosoi, chief security researcher at BitDefender, said in an emailinterview. The same botnet may simultaneously be launching another spam attackor, if the botmaster permits it, distributing malware. Spammers whoare willing to tolerate the increased risk of arrest that dealingin malware brings, may load malware programs or links to infectiouswebsites into the same email they are sending with anadvertisement. Researchers don't often get to peek into spammers' diffuse andwell-hidden operations. A few instances in which they managed to doso suggest that for every 10 million spam emails sent out, morethan 7.5 million are rejected at the ISP level. At least 2.45million are blocked by email systems' spam filters. (All of themajor filters enjoy success rates higher than 98 percent.) Just50,000 emails reach a user. At best half of those are opened.Roughly 300 people click on a link, and just 55 buy something. Aspammer would make more than US$2,000 from those clicks, though. Aphenomenal success would consist of getting two percent of theemail's recipients to click on a link. Volume is so key for commercial email spam that the technique iscalled "spray and pray," said Chester Wisniewski, a senior securityadvisor at Sophos. Malware gets more attention than commercial spam because itostensibly causes more damage. But it makes up just 3 percent ofall email and largely plays a supporting role to commercial spam.By bringing more computers into the botnet, it provides thefirepower to send all those commercial emails. When Microsoft destroyed Rustock, spammers lost control of a hugenetwork of unknown size (estimates ranged from about 850,000 tomore than 2 million infected computers). In the months followingthe take-down, the percentage of spam emails carrying malware, notincluding messages that pushed users to links that would deliverit, rose significantly according to Eric Park, an abuse analyst atSymantec. The trend suggested that spammers were endeavoring toregain the firepower they'd lost. Because malware plays the vital role of "botting" more machines,the spammers devote their craftiest messages to it. Significantinnovation has occurred in this area, possibly as a result ofincreased pressure on the command-and-control centers from lawenforcement and companies, including Microsoft, filing civilactions. Gone are the days of misspellings and amateur graphics. The emailsare timely, often alluding to current events. They also cleverlyplay on human psychology to ensure a click-through to the websitethat downloads the malware. One email purporting to come from theU.S. Postal Service notifies you of a package sent using a labelcharged to your credit card. The recipient will want to track downthe payment and obtain a refund, but the link simply promises toprovide more information. Spammers are also increasingly using social networks like Facebookand Twitter to drive users to their advertisements. Paul Judge,Barracuda's chief research officer, said the reason was simply"more eyeballs." Say a spammer has the maximum of 5,000 friends on Facebook. If heuploads a photo and tags it with the maximum of 50 people, Judgesaid, he can reach 250,000 people with a single photo andaccompanying link -- five times more views than result from 10million email messages. But in some ways the problem of spam on social networks is moreintrinsic than that. The sites' core function is to bring morepeople together and to share their opinions. The social networksmake it easy to join and easy to share content. In fact, the URL(unique resource locator) shorteners that have sprung up to furtherease sharing on social networks have been a boon to spammersbecause they create multiple links to the same page whileconcealing the domain name. Spammers have created an account -- and Judge cited estimates thatas many as 30 percent of Facebook accounts are fakes that belong tospammers -- they can buy a Twitter follower for 2 cents, a Facebookfriend for 3 cents or a "like" for 4 cents. Facebook accounts arealso not infrequently hacked, allowing the spammer to fabricate apublic recommendation of his product from the account holder. According to Chris Grier, a computer scientist at the University ofCalifornia at Berkeley who researches spam on social networks, thenumber of social spammers continues to grow, suggesting that theyare making money. The new cohort of spammers is not yet established enough to runtheir operations on botnets, said Grier. But security companieshave seen some botnets repurposed to run this kind of spam. Malwareis relatively rare, largely because the social networks take moreaggressive action against it than they do commercial spam. Experts say social networking sites are already getting moreserious about spam. Facebook recently announced a partnership withseveral security companies that would give users access to freeantivirus software for six months. And Twitter recently brought legal action against commercial spammers on its platform. The evolution is a familiar one. Web email providers like Hotmailwere initially hostile to security companies' overtures to helpwith spam, said Wisniewski of Sophos. But when the problem began tohurt their bottom line, they began working opening up to thecompanies. He expects Facebook and Twitter will act more and moreaggressively against spam if it begins to drive users away. But Grier offered the flip side of the comparison to email spam. "As the defenses get better, we'll see more sophisticated tools.We'll see the same sort of evolution on social networks" that wedid on email. Which means users could be in for a long ride. Cameron Scott covers search, web services and privacy for The IDG News Service . Follow Cameron on Twitter at CScott_IDG . The e-commerce company in China offers quality products such as RF Wireless Tablet Manufacturer , Electromagnetic Interactive Whiteboard, and more. For more , please visit Electromagnetic Interactive Whiteboard today!
Related Articles -
RF Wireless Tablet Manufacturer, Electromagnetic Interactive Whiteboard,
|