X
Tech
Home Tech Services & Software Collaboration

Spammers' new favorite delivery model: Your compromised email account

Spammers aren't bothering with botnets that much, but still manage to send a lot of spam courtesy of compromised Web mail accounts, according to a report.
Written by Larry Dignan, Contributor

Spammers aren't bothering with botnets that much, but still manage to send a lot of spam courtesy of compromised Web mail accounts, according to a report.

Commtouch Labs said in a report that email borne malware attacks have surged in the most recent quarter. In March, Microsoft led the takedown of the Rustock botnet and spam levels plunged 30 percent. Spammers still haven't recovered from that takedown, but are changing tactics.

In other words, botnets for spam look like so yesterday. Today's favorite spam course is to compromise a Web mail account---Yahoo, Gmail and Hotmail---and open up the turrets. We all have seen these emails: A contact has a weak password, the account gets compromised and spam ensues.

Let's survey the key points of Commtouch's report, via Help Net Security:

First there's the good news. Spam levels in June is at the lowest point in three years.

commtouch1.png

The bad news: Spammers are moving to compromised accounts and there are a lot of them. Commtouch said in its report:

The new tactic therefore calls for the use of compromised accounts to send spam as opposed to using botnets. The move away from botnet spam can be attributed to the use of IP reputation mechanisms that have been increasingly successful in blacklisting zombie IP addresses and therefore blocking botnet spam. The blocking of spam from compromised accounts based on IP address is more difficult for many anti-spam technologies, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail).

One of the primary aims of the larger malware outbreaks and phishing attacks of this quarter is therefore to acquire enough compromised accounts to make spamming viable. The catch for spammers: While spam from compromised accounts is less likely to get blocked by IP reputation systems, the volumes that can be sent are lower due to the thresholds imposed on these accounts. This at least partially accounts for the lower spam volumes seen this quarter.

In a nutshell, 30 percent of spam from Hotmail comes from compromised accounts.

commtouch2.png

Editorial standards
Show Comments

Related

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

penguin holding an apple on Sonoma background

6 features I wish MacOS would copy from Linux

Placeholder product image alt text

The best AI image generators to try right now