Symantec Announces October 2011 Symantec Intelligence Report; Spammers operates spam-friendly URL-shortening services using free, open-source software
Contributed by: Email on 10/29/2011 01:27 AM
[
Comments
]
During 2010, 92% of spam emails contained URLs and the use of shortened links makes it harder for traditional anti-spam countermeasures to block the messages based on fingerprinting the URL. Legitimate services are much quicker to respond to abuse, and spammers are preying on the knowledge that many people are familiar with shortened links through their use in social media, and have developed a false sense of security about them.
Symantec Intelligence reported earlier this year that spammers had set up their own URL shortening services to better conceal their spam sites and make them harder to block. This monthÂ’s analysis indicates that a spam gang with at least 80 URL shortening sites have been operating, all using a similar naming pattern, and used the .info top-level domain. However, unlike the URL shortening sites uncovered earlier this year, these sites are effectively public URL shortening sites. Anyone can create a shortened URL on these sites; the form to do so is also publically available
“Spammers are using a free, open source URL shortening scripts to operate these sites. After creating many shortened URLs with their own service, the spammers then send spam including these URLs. These particular spammers use subjects designed to attract attention, like "It's a long time since I saw you last!", "It's a good thing you came" and so on. This is a common social engineering tactic, and is designed to arouse curiosity, particularly if they have a false sense of security around the safety of shortened links” said Paul Wood, Senior Intelligence Analyst, Symantec.cloud.
“It is possible that spammers are setting up their own URL shortening sites since legitimate URL shortening sites, which have long suffered with abuse, have slightly improved their detection of spam and other malicious URLs. It's not fully clear why the sites are public. Perhaps this is simply due to laziness on the spammers' part, or perhaps an attempt to make the site seem more legitimate,” Wood said.
During October, Symantec Intelligence also discovered a premium rate SMS dialer targeting users in Eastern Europe. The dialer app attempts to pass itself off as a legitimate application by imitating the brand of a popular VoIP/messaging application.
“Premium SMS dialers have started appearing on the mobile threat landscape more often, especially in Eastern Europe. It is no surprise that the authors responsible for using this lucrative revenue source appear to be evolving their tactics and moving to newer platforms,” Wood said.
Other report highlights:
Spam: In October 2011, the global ratio of spam in email traffic declined slightly to 74.2 percent (1 in 1.35 emails), a decrease of 0.6 percentage points when compared with September 2011.
Phishing: In October, phishing email activity diminished by 0.07 percentage points since September 2011; one in 343.1 emails (0.29 percent) comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 235.8 emails (0.42 percent) in October, a decrease of 0.11 percentage points since September 2011.
Web-based Malware Threats: In October, Symantec Intelligence identified an average of 3,325 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; a decrease of 4.3 percent since September 2011.
Endpoint Threats: The most frequently blocked malware for the last month was W32.Sality.AE1, a virus that spreads by infecting executable files and attempts to download potentially malicious files from the Internet.
Source: Symantec
Comments
