Compromised Web Mail Accounts the Cyber-Criminal's New Choice for Spam Distribution
Spammers don't need botnets to send masses of spam anymore, as they switch to using legitimate Web email accounts, according to the latest quarterly report on Internet threats.
Spammers are increasingly relying on compromised Web mail accounts to push out their email messages, researchers found in Commtouch's quarterly Internet Threat Trend Report released July 12. The report is based on the analysis of data collected by the company's cloud-based GlobalView Network service during the second quarter of 2011.
After Microsoft and Department of Justice officials worked together to seize several command-and-control servers belonging to the Rustock botnet in March, global spam levels dropped 30 percent. Generally, once a botnet goes dark, spam levels drop temporarily but return to normal levels after a few weeks, according to Commtouch. Last quarter saw spam levels stay at the "relatively low levels" weeks after the takedowns occurred.
"Spammers are trying to outmaneuver IP-based spam blocking techniques as well as law enforcement that have both effectively targeted botnets," said Amir Lev, Commtouch's CTO.
Rustock was one of the largest spam botnets in operation, at one point accounting for nearly half of all spam being sent worldwide. Spammers appear to have not yet recovered from the takedown attempt but, instead of fighting back, appear to have changed tactics, Commtouch researchers found.
"The new tactic therefore calls for the use of compromised accounts to send spam as opposed to using botnets," the researchers wrote.
Email-borne malware attacks surged in the second quarter as cyber-criminals sent messages designed to steal log-in credentials, log in to email accounts and send spam from those accounts, according to the report. The preferred method appeared to be compromising a Web mail account from one of the major services, including Yahoo, Google's Gmail and Microsoft's Hotmail. In many cases, the attackers compromised a user with a weak password and then spammed all the contacts.
Criminals "are now using a combination of malware and phishing to compromise legitimate accounts," Lev said.