Following the recent news on global spam levels falling, Jamie Tomasello, Abuse Operations Manager at Cloudmark, outlines her thoughts on why spammers are moving from email to social networks and mobile channels.
While it is not yet completely clear why spam activity from the Rustock botnet is down, one of the key reasons we are seeing a global drop in email spam is that fraudsters are shifting their focus to more lucrative social networking and mobile channels.
These platforms allow spammers to reach a much more responsive recipient compared with traditional email messages.
Technically, botnets can send any kind of content, so they are increasingly being used to send messages that spoof content from social networking sites. This works in a similar way to email phishing attacks, where a message drives the recipient to a malicious payload, or to a website that captures the recipient’s social network credentials.
The cyber criminal could then log in to the social networking site with the compromised credentials and send spam via the platform to the compromised recipient’s friends.
These types of messages can be much more convincing than email spam messages because social networks, and the friends a user is connected with, are often well trusted. Once a cyber criminal has compromised credentials, they will use them to try to gain access to other e-commerce, social network, email or bank accounts. As we’re increasingly being reminded, many internet users still use the same username and password combination across multiple websites.
If one account has been hacked, the user should assume all of their accounts have been compromised.
Even though global levels have dropped, there will not actually be any discernible drop in email spam coming into the inboxes of end users. The massive reduction in spam being reported is only noticeable in traffic measured before any security mechanisms have been applied.
As all large-scale mail providers have systems in place that reject connections from known botnet IPs, all of this spam would have been blocked by IP reputation (DNS block lists) anyway. This is good news for the Internet and mail providers, as it frees up bandwidth and means fewer resources are needed to man the defenses as the volumes of attacks are lower.
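The point made in the last two paragraphs, as an added example that is not part of the original article: a connect-time DNS block list check applied to two constructed traffic samples, showing that attempted volume falls when the botnet goes quiet while the volume reaching users stays the same. The zone name `dnsbl.example`, the documentation-range IP addresses and the in-memory `resolve` stand-in for a DNS lookup are all assumptions made for illustration.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Build the DNS name a mail server looks up for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # 192.0.2.10 -> 10.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: reversed hex nibbles
    return ".".join(labels) + "." + zone

# Constructed block-list zone (assumption): listed names answer with 127.0.0.2.
ZONE = "dnsbl.example"
LISTED = {dnsbl_query_name(ip, ZONE): "127.0.0.2"
          for ip in ("192.0.2.10", "192.0.2.11", "198.51.100.7")}

def resolve(name):
    """Stand-in for a DNS A lookup; None models NXDOMAIN (not listed)."""
    return LISTED.get(name)

def accept_connection(ip):
    """Reject at connect time when the block list returns any answer."""
    return resolve(dnsbl_query_name(ip, ZONE)) is None

def volumes(connections):
    """Return (attempted, delivered past the IP reputation check)."""
    delivered = [ip for ip in connections if accept_connection(ip)]
    return len(connections), len(delivered)

# Constructed traffic: the bot IPs are listed, 203.0.113.x senders are not.
legit = ["203.0.113.5", "203.0.113.6", "203.0.113.5"]
botnet_active = (["192.0.2.10"] * 40 + ["192.0.2.11"] * 35
                 + ["198.51.100.7"] * 25 + legit)
botnet_quiet = ["192.0.2.10"] * 2 + legit

if __name__ == "__main__":
    print("botnet active:", volumes(botnet_active))
    print("botnet quiet: ", volumes(botnet_quiet))
```
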