News

Spam Surge Fueled by Health Care Debate, Fake Pharms

Spam volumes have increased fourfold during the last six months, and the unsolicited -- and often malicious -- messages accounted for a discouraging 94.9 percent of all e-mail delivered so far in August, according to the most recent report (PDF) from online security company MX Logic.

"We don't anticipate any dramatic declines in volume or levels as spam remains a highly popular and profitable delivery mechanism for cyber criminals," according to MX Logic's September "Threat Forecast and Report." The report offers little hope for relief.

Health care was the most common category for spam in August. An increasing number of bogus pharmacies are using image spam, in which the message is included in an image rather in text in an effort to avoid spam filters.

"Although image spam is an old tactic, it's one that spammers like to resurrect occasionally," the report states. "Despite the debatable effectiveness of these campaigns, we don't expect image spam to completely disappear any time soon."

The lure of cut-rate, no-prescription pharmaceuticals appears to be powerful. Spam watchdog groups say that phony pharmacies predominate in online advertising delivered through Microsoft's Bing search engine. According to a report from the anti-spam site KnujOn.com and LegitScript.com, which validates legitimate pharmacies advertising online, nearly 90 percent of Internet pharmacy advertisements delivered on Bing.com that were reviewed were operating illegally.

"The majority of Internet pharmacy ads did not require a valid (or any) prescription," the report states. "We successfully attempted to test buy in two cases, receiving drugs in both cases that appeared to come from India." Some of the drugs received through the ads tested as counterfeits.

Microsoft responded to the report saying that the results were exaggerated and that it had manually reviewed and removed the offending ads. But KnujOn and LegitScript said later that a review of the search engine's advertisers showed that phony ads continued to appear.

MX Logic predicted that Internet pharmacy advertising will not be the only online threat generated by health care concerns.

"As the debate about U.S. health care reform continues to heat up, we believe there's a strong chance this will increase and we'll begin seeing forms of political 'hacktivism' impacting the performance and availability of popular social networking sites," the threat report warned. Attacks against social networking sites advocating either side of the debate could have ripple effects affecting the services hosting the sites.

Malicious e-greeting card notifications remained a popular type of spam in the last month, but phony UPS or DHL invoices were the most popular method for delivering malware directly, accounting for four out of five instances in which malware was attached to an e-mail.

The popularity of social networking sites has resulted in a number of high-profile attacks and exploits in recent months, and this trend probably will only escalate, MX Logic said.

"With the web of trust that users generally have with the people they are connected to on sites like Facebook, MySpace and Twitter, we expect to see an increase in spam and malware disguised as messages from someone the recipient knows," the report states. "Given the popularity of these sites, we anticipate these types of attacks will increasingly become more sophisticated in common in the coming months."

The United States was the top source of spam over the past month, accounting for 13.3 percent, edging out Brazil with 13 percent. Other top sources were India, Ukraine and Poland.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

  • Microsoft Cloud Carbon Monitoring Tools Hit Preview Milestone

    Microsoft on Wednesday announced its latest suite, Cloud for Sustainability, is available for preview for enterprises wanting a window into their carbon footprint.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • Nobelium Security Attacks: Microsoft Points Finger at Service Provider Partners

    The "Nobelium" group, responsible for high-profile security attacks on SolarWinds earlier this year, was enabled by service providers with weak security, Microsoft said.

  • Microsoft 365 Compliance Tooling Gets 'Adaptive Policy Scopes'

    Organizations using Microsoft Information Compliance solutions with Microsoft 365 applications can now access a new "adaptive policy scopes" capability.