Feeds

Junk email volumes hit high

Spam volume increases despite swine flu

Website security in corporate America

Nine in ten emails in circulation are spam, according to the latest stats from email security services outfit MessageLabs.

The abuse of free hosted domains is playing a major role in clogging users' in-boxes with get-rich-quick scams and penis pill offers, MessageLabs reports. The security services arm of Symantec noted that junk mail levels reached 90.4 per cent during May. That figure includes email from "new and previously unknown bad sources" so the actual raw figure is probably even higher.

Most of the spam detected in May had little content beyond a subject line and valid hyperlink, sometimes linked to profiles on social networking websites. Often junk emails were sent through valid webmail hosting providers, rather than using spoofed addresses. Other rudimentary filter-evasion techniques include the use of Russian language characters in spam messages.

"As spam levels continue to increase, we are seeing existing attack techniques combine and morph into one," said Paul Wood, MessageLabs Intelligence senior analyst at Symantec. "In 2008 CAPTCHA-breaking, social networking spam and the use of webmail for spamming all became popular tactics. Today, the bad guys are using the three together as a triple threat to heighten the effectiveness of their spamming."

MessageLabs also looked into the time when recipients were sent the greatest volume of spam, a metric that varied with geography. US residents tended to see spam peak between 9 and 10 am local time, before dropping overnight, while Europeans are more likely to receive a steady stream of junk mail throughout their working day. Over in the Asia-Pacific region, by contrast, spam tends to come in overnight.

The study also looked at locations harbouring malicious content, finding that the majority (84.6 per cent) of web sites blocked for harbouring malware during May were well-established domains more than a year old. In May, 7.0 per cent of email-borne malware contained links to malicious sites.

"Spammers using better-known and thus more widely trusted web sites to host malware is reminiscent of the spammers who rely on well-known webmail and social networking environments to host spam content," Wood said. "The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious – a temporary site set up with the sole purpose of distributing spam and malware – and thus faster to get shutdown."

MessageLabs complete report can be found here. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.