Despite the six-year-old CAN-SPAM Act, spammers routinely abuse the law and continue to deliver their obnoxious email. One year ago, a major spam-hosting ISP was shut down, causing an impressive drop in botnet activity. Today, however, spam authors are more active and smarter than ever. Spammers love to tailor their messages to the news and the season. Read this report to gain a greater understanding of current spam threats.
McAfee Research Report
December 2009 Spam Report
McAfee Labs Discovers and Discusses Key Spam TrendsBy Adam Wosotowsky and Elan WinklerMcAfee Research Report December 2009 Spam Report
Key FindingsDespite the six-year-old CAN-SPAM Act, spammers routinely abuse the law and continue to deliver their obnoxious email.One year ago, a major spam-hosting ISP was shut down, causing an impressive drop in botnet activity. Today, however, spam authors are more active and smarter than ever.Spammers love to tailor their messages to the news and the season. With new online shopping offers, jingle bell spam has begun to ring.
Table of ContentsCAN-SPAM Act of 2003 3Twitter recruiting spams 3The sending IP address 3The domain name 4The web page 5Respect for the law 6The McColo Effect: One Year Later 6The aftermath 6Spammers learn their lessons 7'Tis the Season for Christmas Spam 8Safe online purchases 8About McAfee Labs 9About McAfee, Inc. 9McAfee Research Report December 2009 Spam Report
CAN-SPAM Act of 2003January 1, 2010, will mark the sixth anniversary of the under-enforced CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act of 2003. During these six years millions of new Internet users have joined the email ranks, and we have seen the amount of spam sent to the average email address rocket upward to peaks as high as 92 percent of all traffic only a few months ago. While we complain about the lack of international support to combat this scourge, we overlook spammers who sit comfortably in the United States, sending out thousands of emails that blatantly disregard the law by keeping their message volumes just below the radar.Let's look at one of those spam campaigns and see how it breaks the first requirement of the CAN-SPAM Act. Two noteworthy requirements affect spammers. Each separate email in violation of the act is subject to penalties of up to US$16,000, so failure to comply can be costly. But following the law isn't complicated. 1Here's a rundown of CAN-SPAM's requirements Nos. 1 and 7:1. Don't use false or misleading header information. Your "From," "To," "Reply-To," and routing information-including the originating domain name and email address-must be accurate and identify the person or business who initiated the message.7. Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can't contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.The latter point is less a requirement and more a threat from the government to tell corporations that ignorance of spam activity is not a defense that can avoid the $16,000 fine per spam email sent.
Twitter recruiting spamsThe campaign we're following is "Twitter Job" spam. Twitter job spam is not advertising jobs for the Twitter company. It is a scam to get people to create Twitter accounts and send spam to their Twitter followers. Here is an example:This particular piece of spam gives us two items of information that we can use to determine its identity and hosting:. A received header that shows the message being delivered from the IP address 208.185.61.214. The domain name supergamingninja.net
The sending IP addressThe sending IP address is located in the United States. It is in a subnet that appears to be owned by the Metromedia Fiber Network. Our data indicates that each IP in that subnet from 208.185.61.5 to 208.185.61.244 is involved in sending this exact same spam, well over a million copies in a few days. If they sent only 1,000,000 spam mails, then the fine could be as high as $16 billion. The spammers won't be there for long, though. These sorts of spam campaigns often move from subnet to subnet as blacklist servers block the mail. Twitter job spam didn't start recently; it has been ongoing for months. Having an entire subnet get blacklisted damages the reputation of the subnet so much that future owners of the address space may find themselves spending considerable time trying to atone for the sins of the previous owner. Companies purchasing address space would be wise to check for blacklisting before finalizing a deal.
1. "The CAN-SPAM Act: A Compliance Guide for Business," Federal Trade Commission. http://www.ftc.gov/bcp/edu/pubs/bus... [download for more]
