News

Spammers Retool for Renewed Assault

The botnets responsible for so much spam appear to be in a rebuilding phase, but any respite is likely to be brief and new threats loom on the horizon, according to e-mail security firm MX Logic.

"Over the long haul, there is no reason to think that the decline is going to continue," said Sam Masiello, MX Logic's vice president of information security.

Botnets are networks of compromised computers, remotely manipulated through control servers without the knowledge of their legitimate users. They can be used to distribute malicious code to compromise other computers, launch denial-of-service attacks against online resources and harvest sensitive information. Spam probably is the most visible product of these botnets, however.

Spam volumes took a sharp dive in November with the shutdown of McColo, a hosting company based in San Jose, Calif. that was identified as the source of a lot of unwanted e-mail messages. Since then the volume has been coming back up, although MX Logic observed a small drop in February. The percentage of spam dipped slightly in February to 83 percent of all e-mail traffic, down from 85.2 percent in January. Total volume of spam decreased by about 5 percent over that time.

"The bot masters are trying to build their botnets back up," Masiello said. "There is a lot of variance even on a daily basis on how much spam is being sent and received."

Several significant new botnets have appeared, including Xarvester, Waledac and Donbot. But the darkest cloud on the horizon appears to be Conficker, a rapidly growing network currently estimated at 12.5 million nodes that so far has been relatively dormant.

"It's just sitting there," Masiello said. It appears to be building up its resistance with new malware variants updating the nodes in an effort to make it more difficult to track command and control communications with servers. "At this point they are trying to find a way to build a botnet that is more resilient," so that when it is activated it cannot be easily shut down. "It's very scary."

How it might be used is anyone's guess at this point, but spam is a likely possibility. In that case, "we could easily be at or exceed pre-McColo levels," Masiello said.

Another possible threat is the use of stolen personal data to create well-targeted spam campaigns. Data breaches continue to occur with millions of personal records being exposed on an almost monthly basis.

"They are likely going to be used for ID theft, mostly," Masiello said. But the data also could be used to tailor fraudulent e-mails that could be convincing enough to entice even wary recipients to visit malicious Web sites or download malicious code.

Targeted spam that is crafted for a particular recipient is a growing problem. Because it can have a more legitimate look and feel, it is likely to have a higher success rate than traditional mass mailings that can be more easily identified and blocked or avoided. But that does not mean that mass mailings are likely to disappear or even decrease.

"The spam model is an almost pure profit model," Masiello said. The overhead of sending out large volumes is so small that even a tiny fractional response rate can produce a profit.

So although the number of targeted spam e-mails is likely to increase, there is no reason to think the mass mailings will shrink, and all of the standard precautions such as not opening unexpected attachments and not clicking on links will continue to apply in the foreseeable future.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.