Blended threats flood networks, inboxes

CIOL Bureau

MUMBAI, INDIA: E-mail and web continue to be the avenues of choice for Internet threats. Blended-threat e-mails, particularly hyperlinks to malicious material hosted on the Internet, have become a leading tactic. These findings were part of GajShield’s Q3 2008 e-mail threat trend report, prepared in collaboration with partner Commtouch.

Spam levels averaged 77 percent of all e-mail traffic throughout the quarter and peaked at 94 percent in July. Pharmaceutical spam dropped to 19 percent of all spam, down from the previous quarter, when it was the number one topic at 46 percent of all spam. Sexual enhancers were back in the number one slot, comprising 23 percent of all spam.

The major spam topics witnessed in Q3 were Sexual Enhancers—23 percent, Jobs/Academic Degrees—3 percent, Pharmacy—19 percent, Stocks—1 percent, Loans—12 percent, Casino—1 percent, Replicas—10 percent, Phishing—<1 percent, Pornography—8 percent, Others—17 percent, Software—4 percent.

This quarter’s trend showed that blended threats contained an element of ‘hijacking’ legitimate content, sites or senders to provide an air of legitimacy. Legitimate sites and senders were used by spammers to cloak their illicit activity.

Zombie or botnet-generated threats remained high and spammers enhanced their tricks for ‘hijacking’ positive reputations from senders and sites, in an attempt to bypass reputation-based filtering systems.

A major trend throughout 2008 that intensified during the third quarter is spammers’ increased use of cloaking techniques to hide their poor reputation behind someone else’s good reputation. This means that instead of sending e-mail from a known spam IP address or, more commonly, from an infected bot server, spammers are finding new ways to send messages using valid or known mail servers, mainly webmail accounts, which have a reputation as a legitimate e-mail source.

In Q3, the use of web-hosted Macromedia Flash files was a new technique initiated by spammers to bypass traditional e-mail filters. This popular web animation format is normally built into a regular web page and programmed to run when the page opens.

As a result, most Flash-containing web pages have regular file extensions (.html or .asp). In this case, the spammers linked directly to a hosted Flash file (.swf) that turned out to be a redirect to a page of pharmaceutical spam content.
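A mail filter can check for the pattern described above by flagging message links whose URL path ends in .swf, rather than links to ordinary pages. The following Python sketch is an added example, not code from the GajShield/Commtouch report; the sample message and its host names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_direct_swf(url):
    # Judge the path only: ignore query string, case and percent-encoding.
    return unquote(urlsplit(url).path).lower().endswith(".swf")

def swf_links(raw_message):
    """Return sorted links in a message that point straight at a .swf file."""
    found = set()
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() == "text/html":
            collector = HrefCollector()
            collector.feed(part.get_content())
            found.update(collector.hrefs)
        elif part.get_content_type() == "text/plain":
            found.update(URL_RE.findall(part.get_content()))
    return sorted(u for u in found if is_direct_swf(u))

# Constructed sample message (hypothetical hosts), not taken from the report.
SAMPLE = """\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

See http://site.example/page.html and http://host.example/promo.SWF?id=7
--b1
Content-Type: text/html; charset="utf-8"

<a href="http://host.example/a%2Eswf">view</a>
<a href="http://site.example/index.asp">home</a>
--b1--
"""
```

Calling `swf_links(SAMPLE)` returns the two links that point directly at a Flash file and skips the .html and .asp pages; a flagged link is a signal for further inspection, not proof that the target redirects to spam.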
