New spamming techniques are upon us - 419 spam, botnets, CAPTCHA cracking – what’s next from the 'bad guys'? Spam remains the biggest email-borne threat to businesses. Learn how to protect your business. FREE Whitepaper (PDF/40KB)
Block Evolving Spam,
Secure Your Network
A MessageLabs Whitepaper; November 2008

Email Spam is Growing Faster Every Year, Especially in the United States.

Today new forms of spam are much more dangerous than their predecessors, presenting serious threats to any business that happens to receive them. Managed Services or "in-the-cloud scanning" is fast becoming the most effective way to proactively protect the corporate network.

This whitepaper will give you insight into the most prominent spamming techniques used during 2008 including CAPTCHA Cracking, SQL Injection Botnets and 419 spam. This paper will also highlight why stopping these threats at the internet layer via a managed service is the only way to combat new evolving spam attacks.

A New Generation of Spam and the Related Risks

Spammers are constantly evolving and enhancing their tactics to thwart traditional corporate defences. The latest of which are outlined below.

CAPTCHA Cracking

Spammers have a finite set of resources, one of which is machines from which to send their spams from. The common spammer way around this has been to create huge botnets of infected PCs, however these often get blacklisted quickly and become hard to use. One technique spammers have adopted to get around this problem is to create thousands of webmail accounts on services such as hotmail, gmail and yahoo (although not limited to these). It is impossible for most receiving sites to blacklist these sources, so they are limited to content filtering to detect the spam. In order to create these thousands of accounts the spammers have developed computer software designed to break the so called "CAPTCHA" (Completely Automated Public Turing test to tell Computers and Humans Apart) images which are placed on these sites to prevent automated sign-ups. The spammers are able to decode CAPTCHAs at a success rate of higher than 30%, giving them almost limitless accounts.

Increased Botnet Power

Modern botnet spam sending engines such as the Srizbi botnet engine are multi-threaded and use very low level kernel hooks to allow them to send spam even faster than before. By bypassing the normal Windows networking functions these botnets can go undetected by software firewalls, and send volumes of spam up to millions of emails per day using a single consumer PC. The new botnets also incorporate techniques for going to sleep if they detect that the computer is in use by its owner. This prevents the often cited technique for knowing your PC is infected of checking whether it is going slower than normal.

Furthermore, the volume of botnets around the world continues to increase, with Srizbi now the largest botnet we have ever tracked, with over 1.2 million active spam sending machines, and millions more inactive. (See figure 1 below to understand how botnets function).
Fig. 1: The Anatomy of a Botnet
SQL Injection Botnet

The Asprox botnet has an interesting technique for propagating itself to more hosts. Rather than sending emails out to achieve this it will attack random web sites on the internet using a technique known as SQL Injection. This is a widely known security vulnerability that many web sites have. The Asprox botnet will seek out and find vulnerable web sites, injecting Javascript into the web pages of these perfectly legitimate sites, causing visitors to become infected with the botnet.

Asprox's email system is specifically designed for sending phishing emails.

Increased level of 419s:

Related to the CAPTCHA cracking is the increased volume of 419 or "Nigerian Scam" emails. These are simple advanced fee frauds which often appear to be too good to be true (either in the form of vast sums of money available for the taking, or as lottery winnings). The scammers almost exclusively d...

The multi-layered technology approach includes four preventative layers (see Figure 2 below):

Fig. 2: The MessageLabs Multilayered Email Anti-Spam Service (diagram labels: Inbound email, Traffic Management, Connection Management, Commercial Scanners, Skeptic, Clean inbox)

MessageLabs Email Anti-Spam service is a fully managed service that provides unparalleled ability in keeping all kinds of spam away from corporate networks;

[download for more]
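A site owner can check for the kind of compromise the SQL Injection Botnet passage describes by auditing stored page content for script tags that load from hosts the site does not use. The following is an added example, not code from the whitepaper or from MessageLabs; it assumes the injected JavaScript arrives as a script tag with an off-site src, and the host names, allowlist, function names and sample rows are all constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption (constructed): hosts this site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "static.example.com"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src of every <script> tag; tag and attribute names arrive lowercased."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())

def foreign_scripts(html, page_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return script URLs whose host is neither the page's own nor allowlisted."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for src in parser.sources:
        # Absolute and protocol-relative ("//host/x.js") URLs carry a host;
        # relative paths resolve to the page's own host.
        host = (urlparse(src).hostname or page_host).lower()
        if host != page_host.lower() and host not in allowed:
            flagged.append(src)
    return flagged

def audit_rows(rows, page_host):
    """rows: (row_id, html_fragment) pairs, e.g. text columns read from the site's database."""
    report = {}
    for row_id, fragment in rows:
        hits = foreign_scripts(fragment, page_host)
        if hits:
            report[row_id] = hits
    return report

# Constructed sample data: row 2 has a script tag appended to otherwise normal text.
SAMPLE_ROWS = [
    (1, '<p>Welcome</p><script src="/js/menu.js"></script>'),
    (2, 'Spring catalogue<script src="http://injected.invalid/b.js"></script>'),
    (3, '<SCRIPT SRC="//static.example.com/lib.js"></SCRIPT>'),
]

if __name__ == "__main__":
    print(audit_rows(SAMPLE_ROWS, "www.example.com"))
```

A flagged row indicates content to investigate and restore from a known-good copy; the underlying injection flaw in the site's queries still has to be fixed separately.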