Spammers' new favorite delivery model: Your compromised email account

Spammers aren't bothering with botnets that much, but still manage to send a lot of spam courtesy of compromised Web mail accounts, according to a report.


Commtouch Labs said in a report that email-borne malware attacks have surged in the most recent quarter. In March, Microsoft led the takedown of the Rustock botnet and spam levels plunged 30 percent. Spammers still haven't recovered from that takedown, but are changing tactics.

In other words, botnets for spam look like so yesterday. Today's favorite spam course is to compromise a Web mail account (Yahoo, Gmail and Hotmail) and open up the turrets. We all have seen these emails: A contact has a weak password, the account gets compromised and spam ensues.

Let's survey the key points of Commtouch's report, via Help Net Security:

First there's the good news. Spam levels in June are at the lowest point in three years.

The bad news: Spammers are moving to compromised accounts and there are a lot of them. Commtouch said in its report:

The new tactic therefore calls for the use of compromised accounts to send spam as opposed to using botnets. The move away from botnet spam can be attributed to the use of IP reputation mechanisms that have been increasingly successful in blacklisting zombie IP addresses and therefore blocking botnet spam. The blocking of spam from compromised accounts based on IP address is more difficult for many anti-spam technologies, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail).

One of the primary aims of the larger malware outbreaks and phishing attacks of this quarter is therefore to acquire enough compromised accounts to make spamming viable. The catch for spammers: While spam from compromised accounts is less likely to get blocked by IP reputation systems, the volumes that can be sent are lower due to the thresholds imposed on these accounts. This at least partially accounts for the lower spam volumes seen this quarter.

In a nutshell, 30 percent of spam from Hotmail comes from compromised accounts.
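To make the report's point concrete, the following Python example is an addition here, not code from Commtouch or from this article. It runs an IP reputation check and a per-account sending threshold over the same traffic, showing why the first misses a compromised webmail account while the second catches it. The IP ranges, account names, window and limit are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed values for illustration (RFC 5737 documentation ranges).
BLOCKLISTED_IPS = {ipaddress.ip_address("203.0.113.7")}       # known zombie host
ALLOWLISTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical webmail provider range
WINDOW_SECONDS = 3600   # assumed sliding window
MAX_RECIPIENTS = 100    # assumed per-account recipient limit within the window

def ip_verdict(src_ip):
    """IP reputation only: allowlisted provider ranges pass, listed zombies are blocked."""
    ip = ipaddress.ip_address(src_ip)
    if any(ip in net for net in ALLOWLISTED_NETS):
        return "accept"
    return "block" if ip in BLOCKLISTED_IPS else "accept"

class AccountThrottle:
    """Per-account recipient count over a sliding window, independent of source IP."""
    def __init__(self):
        self.history = defaultdict(deque)  # account -> deque of (timestamp, recipients)

    def check(self, account, ts, recipients):
        q = self.history[account]
        while q and q[0][0] <= ts - WINDOW_SECONDS:  # drop sends that left the window
            q.popleft()
        q.append((ts, recipients))
        total = sum(n for _, n in q)
        return "flag" if total > MAX_RECIPIENTS else "accept"

def classify(events):
    """Return (ip_verdict, account_verdict) for each event, in order."""
    throttle = AccountThrottle()
    return [(ip_verdict(e["ip"]), throttle.check(e["account"], e["ts"], e["rcpts"]))
            for e in events]

# Constructed sample traffic: a botnet host, a normal user, and a compromised
# webmail account sending bursts from inside the allowlisted provider range.
SAMPLE_EVENTS = [
    {"ts": 0,    "ip": "203.0.113.7",   "account": "bot@example.net",   "rcpts": 50},
    {"ts": 10,   "ip": "198.51.100.20", "account": "alice@example.com", "rcpts": 2},
    {"ts": 20,   "ip": "198.51.100.21", "account": "bob@example.com",   "rcpts": 60},
    {"ts": 80,   "ip": "198.51.100.22", "account": "bob@example.com",   "rcpts": 60},
    {"ts": 4000, "ip": "198.51.100.21", "account": "bob@example.com",   "rcpts": 5},
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, classify(SAMPLE_EVENTS)):
        print(event["account"], event["ip"], verdict)
```

The account-level check keys on the authenticated sender rather than the connecting address, so it still applies when the sending IP changes within the provider's range.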