Rotten spam causing more infections than ever – study

Anti-spam tools have evolved to a degree where many of us hardly see much spam anymore. But when we do, the threat posed by those messages is greater than it has ever been, according to a new report from independent security firm AV-Test. The report, entitled "Spam – More Dangerous than Ever Before," was based on an 18-month …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

What's so difficult?

"but much harder to spot, were messages containing links to websites that spread malware"

So, looking at the source of the message and seeing

HREF="ups.com.some.virus-bloated.dummy.site.cx/GUID/virus.exe"

is the same as

HREF="ups.com"

Not terribly difficult there. But wait, that's applying common sense.

Anon to protect the obvious downvotes I'll get for trolling this one. :D

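The link-target check this post describes, as an added example that is not part of the original thread: it pulls every anchor out of an HTML mail body and flags links where a known brand appears in the visible text or as the leading labels of the host (the "ups.com.some…site.cx" trick quoted above) while the registrable domain is someone else's, or where the path points straight at an executable. The brand list, the suffix list and the sample mail are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed brand list: domains spammers borrow as leading host labels.
KNOWN_BRANDS = ("ups.com", "fedex.com")
EXEC_SUFFIXES = (".exe", ".scr", ".pif", ".bat")
# Constructed sample: the href the post quotes, next to a genuine brand link.
SAMPLE_MAIL = (
    '<p>Your parcel is waiting: <a href="http://ups.com.some.virus-bloated.dummy.site.cx/GUID/virus.exe">ups.com</a></p>'
    '<p><a href="https://www.ups.com/track">Track your shipment</a></p>'
)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def split_link(href):  # schemeless hrefs are read as http, as a mail client would
    parts = urlsplit(href if "://" in href else "http://" + href)
    return (parts.hostname or "").lower(), parts.path.lower()

def suspicious_reasons(href, text):
    """Reasons a link looks like brand spoofing; an empty list means it passed."""
    host, path = split_link(href)
    reasons = []
    for brand in KNOWN_BRANDS:
        owned = host == brand or host.endswith("." + brand)
        # Brand leads the host labels or sits in the anchor text, but the registrable domain is not the brand's.
        if (host.startswith(brand + ".") or brand in text.lower()) and not owned:
            reasons.append(f"{brand!r} used but host is {host!r}")
    if path.endswith(EXEC_SUFFIXES):
        reasons.append(f"link points straight at an executable: {path!r}")
    return reasons

def audit_mail(html):
    """Map each link in the mail body to its reasons for suspicion."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: suspicious_reasons(href, text) for href, text in collector.links}
```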
Re: What's so difficult?

Difficult for you or me or most of the people that frequent this site? No, it isn't.

But subject matter knowledge is not something that the vast majority of email recipients possess. How are you going to explain to a novice user or an elderly person how to check the link target and then determine if it is safe (without making yourself sound like a condescending dick and being ignored)? Without reasonably deep knowledge of what's out there one can't make the same determinations as, say, you or I.

Basic AV software, education and attrition through the death of older, more vulnerable users will eventually see common infection vectors eliminated, but unless you are proposing mass executions it is something we're going to have to deal with.

Re: What's so difficult?

Actually, almost none of the malware link-spam I'm seeing contains links to an executable. More often, the malware link will reference a PHP file, which then looks at the browser user-agent and attempts a drive-by download if it spots a vulnerable Windows browser. More and more often, these links will give you a bogus 404 message if the browser user-agent is a Mac or Linux browser or a modern Windows browser, meaning that many AV firms may not even be seeing them as valid URLs at all.

Another common tactic I've seen is for a link in malware link spam to go to an HTML file that uses JavaScript or the refresh meta tag to redirect you to the actual malware, often through three, four, or even five intermediaries. Again, you can't tell just by looking at the link that the destination is malware.

And of course some URLs go to a compromised site that's hosting the Blackhole or Phoenix exploit kits, which will attempt a number of download techniques based on the browser's user agent, plugins, Java version, or whatever.

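The behaviour this post describes (meta-refresh and JavaScript redirects chained through several hosts, with a bogus 404 served to non-Windows browsers), as an added example that is not part of the original thread: an analyst-side chain resolver that follows both redirect styles with a hop limit and loop check, then compares where two browser families end up. The site table, hostnames and browser families are constructed for this example; a real tool would replace fetch() with HTTP requests carrying the matching User-Agent.

```python
import re
from urllib.parse import urljoin
MAX_HOPS = 8  # the post mentions three to five intermediaries; cap the walk anyway
# Constructed stand-in for a fetcher: (url, browser family) -> (status, body). It mimics
# the behaviour the post describes; a real tool would send HTTP requests with that User-Agent.
FAKE_WEB = {
    ("http://lure.example/click.php", "windows"): (200,
        '<meta http-equiv="refresh" content="0;URL=hop1.html">'),
    ("http://lure.example/click.php", "mac"): (404, "Not Found"),
    ("http://lure.example/hop1.html", "windows"): (200,
        '<script>window.location.href = "http://other.example/hop2.html";</script>'),
    ("http://other.example/hop2.html", "windows"): (200,
        '<meta http-equiv="refresh" content="2; url=/kit/index.php">'),
    ("http://other.example/kit/index.php", "windows"): (200, "<html>landing page</html>"),
}

META_REFRESH = re.compile(
    r'http-equiv=["\']refresh["\'][^>]*content=["\']\s*\d+\s*;\s*url=([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)

def fetch(url, family):
    return FAKE_WEB.get((url, family), (404, "Not Found"))

def next_hop(base_url, body):
    """URL a browser would be sent to next via meta refresh or JS, or None if the page is final."""
    for pattern in (META_REFRESH, JS_LOCATION):
        m = pattern.search(body)
        if m:
            return urljoin(base_url, m.group(1))
    return None

def resolve_chain(start, family):
    """Follow the redirect chain; returns (list of (url, status), final status, why it stopped)."""
    chain, seen, url = [], set(), start
    while url not in seen and len(chain) < MAX_HOPS:
        seen.add(url)
        status, body = fetch(url, family)
        chain.append((url, status))
        if status != 200:
            return chain, status, "non-200 response"
        url = next_hop(url, body)
        if url is None:
            return chain, status, "no further redirect"
    return chain, chain[-1][1], "loop or hop limit"

def cloaking_suspected(start):
    """True when Windows and Mac browser families end up at different final URLs."""
    return resolve_chain(start, "windows")[0][-1][0] != resolve_chain(start, "mac")[0][-1][0]
```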
Anonymous Coward

Re: What's so difficult?

"But wait, that's applying common sense"

Better sense would be to use a browser that doesn't allow execution of binaries, warns and only allows saving if that's what you really, really want.

Hardly surprising

Of course a large number of bots are business machines; they're the last refuge of IE6, and many still depend on software using ActiveX.

The old "embrace, extend, extinguish" philosophy and lax security standards of the day at MS had the unfortunate repercussion of embracing malware writers and extending them a helpful hand. Too bad they are hard to extinguish easily.

Re: Hardly surprising

So you're saying that Microsoft has embraced the malware, extended the malware by providing a nice long-lived platform for it to run on (IE6 on Windows XP), and is now about to extinguish both themselves and the malware by unleashing Windows 8?

Sounds like a plan. :-)

Live and let spam is STUPID

Actually, the harder we pretend the spam isn't there, the more dangerous the spam becomes when it slips through. Let me construct an obvious little example based on adaptive filtering.

Adaptive spam filtering attempts to modify your spam filters to consider various factors such as what kinds of messages you have marked as spam. Now imagine someone sends you a package via Fedex, but there are delays or questions, so you wind up exchanging some email with your correspondent and with Fedex, and just about this time, a spammer throws a Fedex phishing scam at you, it slides through into your inbox, and you click on the link. Poof. You're pwned.

The less spam you saw, the more dangerous this spam became.

Hey, if you had the tools, would you donate a bit of time and thought to hurting the spammers? You don't have to, but I would and I wouldn't mind that you benefited, too. If just a few people felt like I did, and if at least one of the major Web-based email services provided the anti-spammer weapons, then I can assure you we would completely outnumber the extremely small supply of suckers that are feeding the spammers.

We are NOT going to convert the spammers into decent human beings. However, we can disrupt their economic models and encourage them to climb under less visible rocks.

I really believe that, but apparently Microsoft can't see downstream where the peasants are, Google is too advanced into evil, and Yahoo is too busy going bankrupt. You would think that at least Yahoo would be desperate to restore some value to their only significant asset rather than being the leader in providing infrastructure support to the spammers...

I may be downvoted, but...

...I always stated that I was glad there were enough stupid people out there who responded to spam or 419 scams. Why? Because it meant that the spam/scam mail was stupidly written and easy to spot.

Now, however, we have automated spam filtering to the point where they protect even the more stupid of us to a relatively good degree(*). Which means that spammer/scammers now have to upgrade their vectors and make things more difficult for the rest of us.

(*) Disclosure: I also consider that unless you have a physical disability which stops you from operating a manual transmission, no driver should be allowed to do their driving test in a car with automatic transmission - especially considering that 90% of the time I ask "automatic-transmission-only" licence-holders why they did so, the usual answer is along the lines of "a manual car was too difficult". (Of course, if after passing the test you then decide to drive nothing but automatics, that's your prerogative - you've already proven you can walk *and* chew gum at the same time; you don't need to do it all the time.)

Let the downvoting begin!

Re: I may be downvoted, but...

I usually complain about the insularity of Americans, but surely the suggestion that "no driver should be allowed to do their driving test in a car with automatic transmission" reinvents the Luddite?

In the US you'd have a hard job actually finding a car with manual transmission, unless it's a sports car imported from Europe.

And if the statement "we have automated spam filtering to the point where they protect even the more stupid of us to a relatively good degree" were true, then surely the spammers would have given up in disgust by now?

It would be unkind to downvote you...

Re: I may be downvoted, but...

OK, I'll bite. Why should people have to take the driving test in a stick?

Re: I may be downvoted, but...

IMO people should learn the road rules on a bicycle and have to ride on-road for a year or two without incident before moving on to driving cars, as a lot have a major flaw in their understanding of physics. In particular, they develop this bad habit of just flooring it to the next lights then screeching to a halt, or totally failing in judging stopping distances.

Plus, you'd be learning the road rules on a vehicle which most learn to master before puberty. You're not trying to learn road rules and the operation of a vehicle simultaneously.

Having to supply the grunt for a while or having to nurse a few bruises might teach them some better driving habits rather than alternately stomping on brake and accelerator, and has the bonus of them maybe respecting vehicles smaller than them.

This said, it won't happen, as it'll require vastly more work administering the system, and there'd be very little gain in the scheme of things.

But I digress…

It has been mentioned that some people should take some sort of licence test to use a computer. Not sure that'd be a good idea, because let's face it, what would the content be? What platform would they teach on? How would it be administered and policed? It'd be a nightmare to manage, and probably more trouble than it's worth.

Re: I may be downvoted, but...

" In particular, they develop this bad habit of just flooring it to the next lights then screeching to a halt, or totally failing in judging stopping distances."

It's been my experience in the US that the largest fault in drivers is the erroneous notion that the horn stops the vehicle from crashing, as most drivers seem to want to use the horn before they even consider depressing the brake pedal.

With rather expensive results.

Of course, for me, the only time I hear my own car horn is during my vehicle safety inspection.

@Anonymous IV

"In the US you'd have a hard job actually finding a car with manual transmission, unless it's a sports car imported from Europe."

Oh come on, don't pull that: the Corvette is available with a manual, as are some US-manufactured VWs and Subarus, and that's just the ones I've seen myself, and I live in the UK for 49 weeks of the year. Just because most US buyers pick the auto option doesn't mean that manual doesn't exist in the US.

Re: @Anonymous IV

"In the US you'd have a hard job actually finding a car with manual transmission, unless it's a sports car imported from Europe."

What is a Jeep Wrangler? A European car?

SPAM = HTML email

Virtually all these spammer tricks rely on the email client not being set to read in Plain Text only mode.

I.e. read in HTML mode, and by implication send them as well.

Kill that stupidity, and most of the problem will go away, at least until the spammers put some serious effort into a new attack vector.

More drastic, prevent HTML emails from being transported in the first place.

I expect lots of down-votes for being a Luddite, but it would cure most of the problem.
