statitstic

Friday, 24 August 2007

Spammers wise up to trick computer users

Spam is now so common that many computer users see it as an inevitable irritant and delete it without a second thought. However, spam can have serious repercussions, from clogging business networks to causing delays and financial loss.

Furthermore, spam is becoming increasingly malicious, often containing viruses or Trojan horses that the user unwittingly downloads by clicking on a link or attachment in the email.

In these instances, the spammer's ultimate aim is to get access to sensitive and confidential information for financial gain, and email offers an effective distribution channel, especially given the use of sophisticated techniques that make it easier to bypass spam filters.

One of the big trends of 2006, and one that is continuing into 2007, was the use of spam containing embedded images. Approximately 35 per cent of all spam now uses images to try and sneak past anti-spam filters, as some filters can only analyse textual content and therefore cannot detect these messages.

Image spam is especially popular with scammers promoting company stock pump-and-dump scams or drugs to help with weight loss and sexual performance. However, it is not just stock market manipulators and backstreet doctors who use image spam.

Its success in reaching its intended audience has been realised by all those involved in sending junk mail, and it is also deployed by those selling training courses, pirated software and fake luxury watches. Without a doubt the use and scope of image spam will continue to rise in 2007.

To further enhance the chances of success, image spam often makes use of animated GIF graphics. Multiple layers of images load on top of each other, making an animation similar to a flipbook.

Using this and other techniques such as adding noise in the form of speckled pixels can help ensure that the graphic is different on each sending - making it harder for the filter to spot repeat offenders.

During 2006, the amount of junk email using GIF files rose from 16.9 to 28 per cent of all spam, making GIFs the graphic format of choice for spammers around the globe.

Spammers frequently use multiple tricks simultaneously to get past the filters. As well as images, common techniques, used alone or in combination, include: black holes (hiding messages by using a size-zero font), the numbers game (hiding letters by encoding them as HTML entities or numeric representations intended for sending special characters and non-English alphabets), invisible ink (manipulating font and background colours to make text literally disappear on screen), and slice and dice (using HTML tables to shred a message into thin strips).

Concealing complex HTML code in a message can render it undetectable by simple spam filters. Fortunately, the very use of these tricks actually makes it easier for sophisticated filters to identify spam, as legitimate mail has no reason to contain such techniques.
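A filter can key on the tricks themselves, as the paragraph above says. The sketch below is an added example, not code from the article or from Sophos: it scans one HTML body for the four named tricks. The finding names, the thresholds and the sample message are assumptions made for illustration, and only inline styles and attributes on the same element are compared.

```python
import re
from html.parser import HTMLParser

class TrickScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep &#NNN; references visible
        self.findings, self.cells = set(), []     # cells: text length per <td>
        self.in_td, self.ascii_refs = False, 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        decls = (a.get("style") or "").lower().split(";")
        st = {k.strip(): v.strip() for k, v in (d.split(":", 1) for d in decls if ":" in d)}
        if re.fullmatch(r"0(\.0+)?[a-z%]*", st.get("font-size", "")):
            self.findings.add("black_hole")       # text rendered at size zero
        fg = st.get("color") or (a.get("color") or "").lower()
        bg = st.get("background-color") or (a.get("bgcolor") or "").lower()
        if fg and fg == bg:
            self.findings.add("invisible_ink")    # foreground equals background
        if tag == "td":
            self.in_td = True
            self.cells.append(0)

    def handle_endtag(self, tag):
        self.in_td = self.in_td and tag != "td"

    def handle_data(self, data):
        if self.in_td:
            self.cells[-1] += len(data.strip())

    def handle_charref(self, name):
        code = int(name[1:], 16) if name[0] in "xX" else int(name.lstrip("0")[:7] or "0")
        if code < 128 and chr(code).isalnum():
            self.ascii_refs += 1  # numbers game: ASCII letters/digits never need encoding

def scan(html, min_refs=5, min_cells=10, tiny_ratio=0.8):  # thresholds are assumptions
    s = TrickScanner()
    s.feed(html)
    s.close()
    if s.ascii_refs >= min_refs:
        s.findings.add("numbers_game")
    tiny = sum(1 for n in s.cells if 0 < n <= 2)  # slice and dice: 1-2 chars per cell
    if len(s.cells) >= min_cells and tiny / len(s.cells) >= tiny_ratio:
        s.findings.add("slice_and_dice")
    return sorted(s.findings)

SPAM = ('<span style="font-size:0px">weather</span>'  # constructed sample
        '&#115;&#116;&#111;&#99;&#107;<font color="#FFFFFF" style="background-color:#ffffff">'
        'filler</font><table><tr>'
        + "".join(f"<td>{c}</td>" for c in "BUYTHISSTOCK") + "</tr></table>")
```

Numeric references to non-ASCII characters such as `&#233;` are deliberately not counted, since those are the legitimate use the encoding was designed for.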

In terms of the content of spam, 2006 saw a massive growth in pump-and-dump spam. In January 2005, these campaigns accounted for just 0.8 per cent of spam emails; by the end of 2006, the figure stood at 23.6 per cent.

With these scams, spammers aim to quickly and cheaply circulate false information about a company's stock via email, often combining it with snippets taken from genuine press releases, to lure potential investors.

Companies with limited assets are used by the spammers, who will then dispose of their shares and stop advertising the stock, often causing the price to fall and bringing serious repercussions for the duped investors.

The campaigns generally run for short periods of time, keeping overall volumes low, and while some of the information may be accurate, the unsolicited and deceptive nature of the messages qualifies them as spam.

Spammers will employ obfuscation techniques, using variations like 'st0ck' or 'stox' to avoid detection by simpler spam filters. The stock scams tie in with the growing trend towards financially motivated cyber crime.

Another recent twist has seen criminals spamming companies with email messages that offer to boost their stock price in return for payment. This could not only enable spammers to boost the value of their own share portfolio, but also see them get paid by the businesses they are helping to cheat the stock market.

In addition to stock spam, the use of real world events or news stories that appeal to human emotion continues to be popular with spammers. This serves a number of purposes - from tricking a user into downloading a malicious attachment to encouraging a recipient to hand over their bank details or make a one-off payment.

For example, in June 2006, a version of the Stinx Trojan arrived attached to a spam email claiming that George Bush and Tony Blair were involved in a Middle East oil-price cover-up. While the attachment purported to be evidence of this cover-up, in reality, if users clicked on the attachment, they opened up a gaping hole in their PC's security.

Other malware has been spammed out claiming to be breaking news reports of the demise of Michael Jackson or Arnold Schwarzenegger, or alleged evidence of a conspiracy about the death of Pope John Paul II.

More recently, in the run-up to the US mid-term elections, even politicians got in on the act, with both the Republican and Democratic parties sending out unsolicited emails campaigning for support.

The emails were sent out in the days leading up to the November 7 election date, and urged recipients to take to the polls and cast their votes.

Samples were picked up by Sophos's global network of spamtraps - evidence that the emails were not targeted specifically at US voters, and could have been distributed to lists created through online email address harvesting.

Interestingly, while the campaigns bore worrying echoes of traditional spamming activity, legally the emails were not classed as spam - as US political parties are exempt from legislation such as the CAN-SPAM Act.

While clever techniques and gripping content are important, spammers need to be able to get their messages across quickly if they are to succeed in duping innocent computer users. One of the easiest ways to achieve this is by using zombie computers that hide inside networks and send spam, steal company secrets, and enable other serious crimes.

Once a computer has been turned into a zombie, hackers use it to commit a wide range of crimes by linking with a network of thousands of other infected computers.

Networks of zombie computers (botnets) are used by hackers to send spam, viruses, phishing emails and pornography. Sophos estimates that more than 60 per cent of all spam originates from hijacked computers, which cause business disruption, network damage, information theft and damage to a company's reputation.

In order to protect PCs from becoming zombies and to avoid falling victim to these spam threats, businesses should complement endpoint and gateway anti-malware and anti-spam solutions with a rapid and reliable zombie detection system. In addition, businesses should enforce safe computing policies and educate users about appropriate online behaviour.

Graham Cluley, senior technology consultant at Sophos, looks at new spamming approaches.



Source: bcs.org
