The modern world is all about contradiction and paradox. Life rewards people for success and looks to them with admiration and for inspiration, but the likes of proto-humans Justin Bieber and Rob Ford leave us shaking our heads with incredulity and disgust. The world looks forward to the beginning of the Sochi Olympics in mere days, a wonderful distraction that’s meant to entertain and motivate; yet that same world is entirely on edge as it comes to grips with the possibility that some humans could actually be lowlife pieces of waste, threatening to bomb an event meant only to elevate humanity and celebrate its amateur athletes. Yes, we humans are all about contradiction. Today, we can’t subsist without an online presence, yet we’re constantly bombarded with the message that being online is dangerous. It’s a bad idea. Yet we do it because we have no choice, that is, unless we want to resort to carrier pigeons and analog telephone lines.
The venerable Kaspersky Labs, highly regarded for being one of the globe’s top security firms, proved that spam is all about contradiction this week, when it released its 2014 Security Bulletin. And the title of the report says it all: Spam evolution 2013. There are two key takeaways: spam is shrinking, and spam is growing up. If that doesn’t sound like a paradox, we don’t know what does. You see, spam volume in 2013 dropped a respectable 2.5 percent, and while the amount of spam being delivered still hovers around 70 percent of all email messages, no one can argue that spam is heading in the right direction.
That news, while encouraging, doesn’t tell the entire story, however. Spam emails with malicious attachments dipped in number, too, albeit only slightly, coming in at 3.2 percent, 0.2 percentage points lower than 2012. China came in as the world’s number one provider of spam, at 23 percent, and 74.5 percent of email messages delivered in 2013 were smaller than 1 KB in size. And phishing attacks were still strong, with 32.1 percent of phishing being targeted at social networking.
The good news is that spam advertising legitimate goods and services – the so-called marketing spam – has declined. “Advertisers increasingly prefer legitimate advertising to spam: more varied types of online advertising are becoming available, and these generate higher response rates at lower costs than spam can offer.” This is good news for everyone in the security business, because marketing spam has cluttered the minefield with unnecessary traffic that only makes malicious spam more dangerous. As it stands, however, spammers are taking advantage of the shift, according to Kaspersky. For example, travel spam “used to account for 5 to 10 percent of all spam traffic and was made up entirely of various offers for trips, tours and tickets. These days, commercial advertising in spam is rare, but we see numerous malicious emails exploiting the subject of travel and leisure.” Fake confirmations of flights, hotel bookings and cruises have become a common tool among spammers, with attachments carrying dangerous payloads like Trojan-PSW.Win32.Tepfer or Backdoor.Win32.Androm.qt.
How many shades of gray?
So-called ‘gray’ mailings – semi-legitimate messages sent from servers using large databases, often without user consent – are becoming a significant issue, says Kaspersky, and “leads to situations in which part of a mailing is legal and legitimate and part of it is spam. This poses a new challenge for the anti-spam industry and leads to the development of new technologies based on sender reputations.”
Fake antivirus messages are becoming all the rage, too. In 2013, Kaspersky detected “several mailings which looked like messages from antivirus vendors, i.e., were designed for people who understand the basics of security.” Cybercriminals are trying to take advantage of the fact that security experts strongly advise regular updating. “In an email sent on behalf of an antivirus vendor, they urged users to update their systems immediately using the file attached,” often using the names of recognized security software vendors.
Global events were also in the spam spotlight in 2013, with spammer exploiting high-profile events in email blasts. Kaspersky notes that often these messages were relevant to the locale of the spammer, for example, “’Nigerian letters’ most often exploit events from Asia and the Middle East while European and American news is mainly utilized in emails containing malicious links.”
Ultimately, Kaspersky concludes, spam has grown up, becoming more sophisticated and targeted, with more dangerous payloads. “Among malicious attachments there is more and more malware which aims to steal confidential data, especially passwords and logins to banking systems. We expect this trend to continue next year.”