Feeds

Junk email volumes hit high

Spam volume increases despite swine flu

Secure remote control for conventional and virtual desktops

Nine in ten emails in circulation are spam, according to the latest stats from email security services outfit MessageLabs.

The abuse of free hosted domains is playing a major role in clogging users' in-boxes with get-rich-quick scams and penis pill offers, MessageLabs reports. The security services arm of Symantec noted that junk mail levels reached 90.4 per cent during May. That figure includes email from "new and previously unknown bad sources" so the actual raw figure is probably even higher.

Most of the spam detected in May had little content beyond a subject line and valid hyperlink, sometimes linked to profiles on social networking websites. Often junk emails were sent through valid webmail hosting providers, rather than using spoofed addresses. Other rudimentary filter-evasion techniques include the use of Russian language characters in spam messages.

"As spam levels continue to increase, we are seeing existing attack techniques combine and morph into one," said Paul Wood, MessageLabs Intelligence senior analyst at Symantec. "In 2008 CAPTCHA-breaking, social networking spam and the use of webmail for spamming all became popular tactics. Today, the bad guys are using the three together as a triple threat to heighten the effectiveness of their spamming."

MessageLabs also looked into the time when recipients were sent the greatest volume of spam, a metric that varied with geography. US residents tended to see spam peak between 9 and 10 am local time, before dropping overnight, while Europeans are more likely to receive a steady stream of junk mail throughout their working day. Over in the Asia-Pacific region, by contrast, spam tends to come in overnight.

The study also looked at locations harbouring malicious content, finding that the majority (84.6 per cent) of web sites blocked for harbouring malware during May were well-established domains more than a year old. In May, 7.0 per cent of email-borne malware contained links to malicious sites.

"Spammers using better-known and thus more widely trusted web sites to host malware is reminiscent of the spammers who rely on well-known webmail and social networking environments to host spam content," Wood said. "The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious – a temporary site set up with the sole purpose of distributing spam and malware – and thus faster to get shutdown."

MessageLabs complete report can be found here. ®

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.