The Next Generation of Spam

Spam. We find it in our inboxes everyday, in growing numbers. It creeps into instant messages, blogs, forums, and any other channels of communication that have the potential to be profitable for cyber thieves. And if current trends continue, we may be in store for rising levels of assault.

Spam currently makes up over 90 percent of total e-mail traffic, according to industry figures. Even with the best preventative measures, due to the escalation and constantly changing tactics of threats, it’s difficult to avoid falling victim to scams.

Like most online scourges, spam continues to adapt in order to get past computer users’ defenses. Both the intent and methods used have evolved, making today’s spam techniques more deceptive and sinister than ever before.

“Spam is one of the most intractable consumer protection problems faced by computer users…The nature of spam, however, has shifted, and a new generation of malicious spam is on the rise,” according to the U.S. Federal Trade Commission’s (FTC) most recent Spam Summit Report.

Spam is no longer a mere annoyance, but has progressed to be a vehicle for the spread of viruses, spyware, malware, and other online scams. Spammers operate with one ultimate goal in mind: to steal your private information or defraud you of your money.

According to FTC Spam Summit panelists, botnets are now the key method for sending malicious spam, and are responsible for 95 percent of all spam. “In most instances, victims are unaware that their computers have been hijacked and turned into a bot or become part of a botnet – a network of hijacked computers that enables spammers to send large volumes of spam anonymously and remotely.”

Over one million IP addresses coordinate spam and virus attacks each day, assaulting more than 50,000 computers at any particular point in time, the FTC says. With a large number of computers under their control, spammers are able to continuously rotate IP addresses in order to avoid detection - a technique known as “fast flux.”

To make matters worse, the ease of acquiring phishing software and criminal toolkits is enabling a wider range of criminals to propagate malicious spam. A spam-bundled spyware kit, allowing cyber criminals to spread spyware through spam, is offered by a community of malware providers for a mere $20 U.S., according to an FTC example.

What’s being done to fight spam? Law enforcement, (including collaborative efforts on a global scale), spam filter software, and consumer education all aid the battle against malicious e-mail, helping to keep computer users safe from scams.

The adoption and implementation of authentication technologies – the two leading standards being Sender ID and Domain Keys Identified Mail (DKIM) – is another key step in the fight against e-mail fraud, according to industry analysts. Domain-level authentication technology allows the receiving mail server to verify if an e-mail sent from an IP address is registered to the sender, permitting the receiver to validate the legitimacy of messages.

Sender ID requires e-mail senders to publish Sender Policy Framework records to indentify mail servers,while DKIM is an emerging signature-based e-mail authentication standard.Over half of top consumer-facing financial service brands currently authenticate e-mail through Sender ID or DKIM, according to the Authentication and Online Trust Alliance.

What can computer users do to battle spam? A little caution can go a long way in defending yourself against malicious spam. Be aware of spam techniques and always be wary of attachments or links in e-mail from unknown senders. Educate yourself on spam scams by taking a look at OnGuard Online’s quick facts and tips.