Security Trends of 2008 Part 2: A New Breed of Spam

One of the Internet threats that made viruses lose their shine is the evolution of spam from mere disturbance to a force to reckon with. Continuing this three-part saga of Internet security trends for this year, we discuss our dearly annoying spam.

The spam evolution first appeared in 2005 in the form of images, like GIFs and JPEGs, what makes sense when you want to deliver an advertisement for stocks, medicines, or even websites. But the real deal behind this change was to easily escape anti-spam programs that sort out text-based content of e-mail messages. Spam advertising also surprised 2006 by including spam using a Word document format in its roster of transformations.

2007 was even more baffled by the sudden increase of spam forms, as shown below:

With a vast list to choose from, spamming really gave viruses a powerful haymaker, knocking it out of contention. Poor viruses!

Spammers started finding ways (or formats, rather) to get their messages through spam filters. Complicated file types like PowerPoint, Zip files, and other complex image formats like PDF’s and X-PNG’s grew in number in the inboxes of computer users, as e-mail security gateways could not look into them. While there were only a handful (about six or seven) of spam types in 2005 and 2006, 2007 literally suffered from outbreaks of spam, amounting to at least twenty different formats. That is like a 200 to 300 per cent increase compared to the earlier two years!

Present It, Zip It!

There is this challenge that urges spammers to get the attention of their audience. Although one of the tasks of the spammers is to get past the spam scanners, a more posing challenge is to deliver their content to the end-users not just to delete their spam but to somehow let the user read them.

One of the major types that circulated in the e-mail community was the PowerPoint format. Actually, it is a proof that spammers are willing to feed their hunger for propagation of their spam, despite the loss of time and virtual resources.

Ponder on this: why would a spammer waste time and effort putting in a PowerPoint presentation, complete with images and sometimes even audio, and of a megabyte or two in size, if his spam can just pass through as text content of around ten to twenty kilobytes in size? Apparently, the reason is because they have started the conquest on sneaking their spam into people’s inboxes.

Late in July 2007, spammers visualized encrypting their spam into ZIP files, seeing that encryption will greatly help the spam to get through filters. A lot of file formats like text, Excel, and PDF files containing spam messages were compressed in ZIP files. This, in turn, enabled the spam to bypass scanning engines and other security products because the contents can only be read once the ZIP files are decompressed. Examples of files contained in such ZIP files can be seen in the Barracuda Networks website.

The New Image of Image Spam

In June last year, PDF-based attachment spam conquered the advertising scene, with a more professional look than its GIF and JPEG ancestors. That made unwary users to trust it at first glance. It gave spammers very high success rates based on the number of clicks the PDF spam attachments receive from users who bought the scheme.

Lasting until after three months, PDF spam earned a reputation, able to account tens of billions of sent messages a day. And as the holiday season approached, just as the months ending in “–ber” started, PDF spam accounts increased sharply, which is not surprising, by the way. What’s surprising is that spam messages containing attachments began a dramatic decline on the same period.

However, such decline did not happen abruptly, not before the spread of spreadsheets and the announcement of audio spam! Those two, plus the conclusion for the spam proliferation update will be next in line, as we continue on the next part the uncovering of these security trends for 2008.