Why spam still poses a danger

Users seem to have become accustomed to spam but we cannot rest easy as spammers keep the pressure on to deliver more and more junk in your inbox.

For most of us, spam has ceased to be much of a problem. Our spam filters work fairly well and although we may occasionally see the odd unwanted message, or lose a valid message in the process, we are largely shielded from the bulk of the junk that sloshes around the internet.

But the spammers are not standing still. They are constantly seeking new ways to get through our defences, and it is worth mentioning also that we all pay for the spammers. If they didn't occupy 90 per cent of the email capacity of the internet, we'd all get faster and cheaper service.

But there is little chance of stopping the spammers while their activities continue to be profitable. For virtually no outlay and less risk of getting punished, spammers can afford to churn out millions of messages in the sure knowledge that just a tiny fraction of the recipients need to respond to make it all worthwhile.

In a web survey carried out in February 2007, security company Sophos found that five per cent of people admitted to buying goods sold via spam.

And in August, the share price of a company called Prime Time Group rose steadily within a short period after "pump and dump" spammers went on a concerted email campaign to boost the company's prospects. So spam clearly works, despite our best efforts to contain it.

And so the battle goes on. The latest ploy noted by researchers in recent weeks is to put the message into a PDF or Excel attachment. As Mark Sunner, chief security analyst with MessageLabs, explains: "PDF attachments have rocketed in the last few weeks, and now account for 20 per cent of all image spam. PDF is seen as a more trusted file format, and also looks more professional. Using Adobe Acrobat, the hackers can also crank up the security options, which makes it hard for the anti-spam software to parse the contents."

He says that the tactics of some spammers are also changing, with some of them doing shorter runs that will keep them below the radar of the anti-spam engines. "The bad guys know that most filters rely on honeypots, and there is a window of time before a bogus account [in the honeypot] receives something it shouldn't," he says. "We have seen the window of spam runs coming down to short blasts of as little as 11 minutes. This would appear to be an attempt to get under the radar."

The junk mail aspect of spam is just one side of the problem, though. If someone is just trying to sell you something you don't want, you can delete the message and move on.

But the more serious side is that the spammers are constantly looking for more machines to infect. If they can get a trojan downloaded on to your machine, it then falls under their control and can be used for a variety of purposes. It may become another new node in a botnet, being used to spew out more mail to other targets. Or the hackers may decide to spy on what you do to gather details of your bank accounts, credit cards or other private information.

Increasingly, the spammers adopt the approach of putting a hyperlink in a message, to encourage the user to click through to an infected website. "Throughout this year, the number of messages containing malicious hyperlinks has been going up, while the virus count in attachments is half what it was last year," says Sunner.

This is backed up by data from Sophos, which reported finding an average of 29,000 new malicious web pages during the month of June this year. "The worrying thing is that 80 per cent of these were on legitimate sites that had been hacked," says Graham Cluley, a senior technology consultant at Sophos.

He says the most harmless-looking sites will be infected, such as a message board they discovered, which was devoted to discussion of 'Only Fools and Horses'.

"This causes problems for the anti-spam filters, because they are normally checking emails with known bad sites on them. But if they have a link to a sporting site or something not on the blacklist, then it will get through," Cluley says.

The only defence against the problem, he says, is a mixture of good sense and making sure you keep all security patches and anti-virus software up to date. "And this is not just a Microsoft problem," he warns. "We see Firefox being targeted increasingly, and Apache web servers - we found that 51 per cent of the web servers we saw hosting malware were running Apache, rather than Microsoft. The hackers are looking for any vulnerable server running any vulnerable operating system."

If an unsolicited email sounds too good to be true, he says, then don't click on the links, and delete it immediately. Or if you are not absolutely sure, try looking at the attachment through a viewer, such as Wordviewer.

But the hackers are already planning their next move, according to Mark Sunner. On June 26 this year, his company suddenly noticed a flurry of 514 targeted emails, all sent within the space of two hours, and all sent to board members of companies - except four which were addressed to the secretaries of chief executives. Each of the messages carried a Word attachment marked 'Customer complaint', 'Invoice', or 'Notice from the FSA'.

When the recipient opened the document they were presented with an icon to click to receive the message. As soon as they clicked the icon, they would be taken to a fake website and a trojan would be downloaded.

So how did the hackers have such precise information about their victims? After a bit of investigation, the MessageLabs team discovered that they were all on the LinkedIn social networking site, and the hackers had merely harvested information and identified everyone with CEO, CFO or some other high-ranking job title.

As Sunner says, it is now possible to buy tools on the Internet that will harvest information from social networking sites such as Myspace, so this is lowering the barrier to entry for people wanting to carry out this kind of scam.

"Social networking is great, but is also a goldmine of information that is completely up-to-date. If we've intercepted 514 based on the six million accounts we protect in one day, then there has to be a substantial amount of this going on," he says. "We could see that, if activated, these trojans were going to be able to ship back the documents on the infected machine back to the data repository of infected machine elsewhere on the internet. That could be information about mergers and acquisitions, company strategies, patents. The targets are custodians of the company secrets."
