Evolution of spam: Explained

Spammers are taking advantage of all this cloud computing nonsense to get past our best defenses. I presented at Infosec Europe on how Russian affiliate networks (Partnerka) have eased up on spamming via email and have migrated to the web, forums, Twitter, and blog comments.

Why? Simply stated, we are doing too good a job filtering traditional email spam. The email gateway is a chokepoint in our networks that allows us to do intensive filtering, and over the last 10 years we have become very, very good at it. Most reputable anti-spam products today can boast a 99%+ catch rate. Spammers are sending millions of messages, but fewer and fewer are being delivered. In a survey done by Paul Ducklin, fewer than 3% of people admitted to purchasing products through spam email.

Sophos Vancouver's Tony Ross tipped me off to some new spams he has been receiving on Skype. At first glance, some of these appeared to be related to identity theft or phishing, but on further investigation I discovered they are just good ol' spam.

Screenshot of Skype Viagra spam

This one starts out: "ViaGROW The world's best male enhancement!!!!!" Of course, a secret like this can only be shared through a secure service like Skype. This brings me back to my point... With traditional spam, companies are in control of what enters their network and users are in control through protective measures built into their email clients. There are many ways to filter out the junk.

With services like Skype and Facebook that offer integrated chat environments, you rely on the cloud to protect you. While some services, like Gmail and Twitter, may have effective, aggressive algorithms, others, like Facebook and Skype, seem to allow anything and are slow to respond to complaints about malicious links and spam.

Here is an example of a lure to a Russian dating website that could easily lead to identity theft.

Russian bride site

This was also received through Skype and asks for your birth data (date?), name and email. About 24 hours after submitting my (fake) information, I received a login.

Mila - russian house wife, but already a bride

The site is a full-service Russian bride service offering real-time voice translations to help you buy the wife of your dreams. Ironically, one of the profiles is for Mila, whose occupation is "house wife."

I don't know about you, but I sure as heck don't want her angry Russian husband gunning for me. Although, to be fair, I probably have a lot more to worry about if Mrs. W finds out.

Part of my mission in the blog is to provide you with actionable advice. The face of spam is changing, but we are not ready to deal with this shift. We must be as careful when receiving messages from people over the web as we are over email. If your organization is considering cloud-based communications services, find out what protections they can provide for these new ways of messaging.

Update (17-May-2010): Katrine and Natali have been kind enough to send me letters, but unfortunately I cannot read them. It would seem that talking to your potential future mate requires you to buy "credits" in order to open their messages and converse with them. As expected, all spam leads to a similar fate: a somewhat depleted bank account with no guarantee of a positive result.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.