Spam industry gets smart

17 Sep 2007

The volume of bulky and image-based spam emails is on the decrease, but this isn’t good news as it heralds a move by spammers to take up as yet unexploited and unprotected techniques like PDF and Excel-based spam.

The latest report by the IBM Internet Security Systems (ISS) X-Force, shows that the ‘exploits as a service’ industry is becoming increasingly sophisticated with malware, or malicious software, on the rise.

So far this year X-Force has analyzed over 210,000 new malware varieties, already exceeding the total number of varieties observed throughout all of 2006.

The report finds that Trojans, or malware posing as legitimate files, account for 28pc of all malware, a change from last year, when downloaders were the most commonly found type.

Downloaders, unlike Trojans, are tiny programs that install themselves on the unsuspecting users PC, and later download and install the actual malware software.

“The X-Force security statistics report for 2006 predicted a continued rise in the sophistication of targeted, profit-motivated cyber attacks,” said Kris Lamb, director of X-Force for IBM Internet Security Systems.

“This directly correlates to the rise in popularity of Trojans that we are witnessing this year, as Trojans are often used by attackers to launch sustained, targeted attacks.”

The illegal business of malware and spam is also changing, the report finds, with those providing ‘exploit code’ to spam distributors now leasing the exploit code so potential customers can test how effective the malicious code is with a small initial payment.

The report also found that Spain is now the highest exporter of phishing emails, knocking South Korea off the top spot.

Interestingly the report also estimates that 10pc of all content on the internet consists of unwanted material in the form of porn, crime or socially deviant content.

By Marie Boran