Picking up from where we left last time, there are two other important spam formats worthy of notice. These two are special because they are proof that spammers not only wanted to sneak their spam into your inboxes, but they are also in the constant quest of finding which one is the more effective. Spammers have taken on the advertisement challenge in a more scientific, step-by-step procedure: the spam experimentation.
Spamming Through Spreadsheets and Sounds
“Get past the spam filters.” That is the ultimate goal for all spammers, since the only way for them to get an audience through unsolicited means is to make their spam attractive and eye-catching. And 2007 had been their testing field, eventually becoming the breeding ground of the evolution process.
Similar to how spammers escaped text-based, anti-spam programs with image formats in 2005, Excel and audio spam formats were able to bypass scanning engines. Files in an Excel format are hard to parse and dissect, while audio files can only be listened to.
Here are some graphs that can tell vividly the experimentation story behind the Excel and MP3 spam outbreak mentioned earlier (graphs are courtesy of the IronPort’s 2008 Internet Security Trends).
What They Had To Say About Excel and MP3 Spam
In “New Excel Spam Hits the Airwaves, Commtouch Reports,” an article in BusinessWire July 23, 2007 issue, it was reported that spammers will be looking for ways to get through anti-spam engines.
Commtouch, developer and provider of market-leading anti-spam and virus outbreak protection, first identified and blocked an Excel spam promoting stocks on July 21 last year. According to Amir Lev, Commtouch’s chief technology officer, “Excel is a natural progression after the recent spate of PDF spam, which itself is a natural development from basic image spam. We expect other file formats to follow suit; think of the spam potential in Powerpoint files, or Word documents.”
The article also stated that “spammers may assume that by wrapping the same message in a new format, they will bypass most anti-spam engines that try to analyze the content of mail messages. However technologies that rely on identifying patterns in mass emails, such as Commtouch’s Recurrent Pattern Detection technology, block these types of messages automatically, regardless of the content or format.”
Let’s move on with audio spam this time. In his article entitled “MP3 Spam Scam Hits In-boxes” (in eWeek’s October 18, 2007 issue), Brian Prince stated an obvious but very reliable bait spammers widely used in relation to spam in audio format. “…spammers have taken to using MP3 attachments in e-mails named after recording artists as part of a pump-and-dump stock scam. Most of the e-mails have no subject name; others, however, appear to be named after the artist the MP3 file is named after, according to several security vendors,” Prince published.
Further illustrating the proliferation of spam against the dwindling existence of viruses in attachments, Prince had this in his article: “When recipients click on the attachment, a voice relays a message promoting stock for a particular company. According to Commtouch, as of the afternoon of Oct. 18 (of 2007), no viral threats had been identified in these messages. The outbreak began Oct. 17 (of 2007) and accounted for around 7 to 10 percent of all spam globally over the ensuing 18 hours, officials at the Sunnyvale, California security vendor said.”
Once again, like how text-based scanners failed to protect users from spam in image format back in 2005, content-based scanning engines were defeated by these intelligent evolutions of spam. In August last year, Excel spamming was rampant even though it lasted for only five or six days. And in three days of October last year, it was the MP3’s turn to test the waters and get the feel of it. Although both spam types lasted for no more than a week, their peaks proved to be extraordinary as they reached two-digit percentages of the world’s total spam, with the Excel spam outbreak able to send more than a billion messages at its time worldwide! Spammers really are persevering just to learn the right spam that can slip into your inbox unnoticed.
A Twisting Conclusion
It seems like hope was not lost when newer spam defenses were developed against these new spam types. Third generation spam engines were designed to think outside the box. Instead of just looking at the attachment (which spammers try to create more unreadable versions of), third generation spam scanners put into consideration the reputation of the IP address sending the spammed message, the structure often used by spam-creating programs, and other URLs within the message whose websites attempt a user to visit. Through these strict measures, spam attachments of different formats were detected and blocked, consequently.
And probably because of third generation spam engines, recent measurements indicate that, although the total number of spam messages circulating the globe doubled to more than 120 billion per day, spam with attachments dropped to less than ten per cent of the total spam account. Does it show that, through experimentation, spammers discovered that the lesser the contents of the message, the more effective it is? It possibly is true, because the dominating format in the world of spam today is the text-based ones—those with nothing more than some few advertising phrases and a link.
Spam, along with their creators, truly have evolved. Spammers have learned in the earlier half of 2007 how to react to the anti-spam measures that battle them suitably. The unmoving progress they had during that time urged spammers to persevere, which led to their experimentation process, understanding their malicious craft more along the way.
Spammers have realized that they should induce more spam traffic in people’s inboxes when anti-spam engines succeed progressively. Also, spam relying more on its attachments varied rapidly, an evident proof of spammers’ experimentations. At least, anti-spam engines learned to look not only in the content of the spam, but also around the spam message, an adaptive measure that gets a hearty amount of applauds from me. Individuals and companies alike should at least secure their e-mail addresses upon learning these spam threats. Remember, sending an e-mail, in a spammer’s point of view, is as simple as throwing a rock!
With a large number of spam paranoia drawing the attention of anti-spam groups and advocates, looks like 2008 is in for a virtual world war. There will be experimentations comparable to that of nuclear testings, only these ones will be damaging our virtual homes.
Anyway, with the defeat of viruses (as mentioned in the previous article, A New Breed of Spam), malicious programmers looked into infecting others through spam, too. Looking for a way so as not to send an entire Trojan horse to their victims, attacking spammers had pictured using a multiple phase assault on their victims. And sadly, their victims will end up inflicting themselves as they are tricked by these evolved spammers using the most seemingly harmless messages. With approximately 83 per cent of the world’s spam messages containing a malicious URL, you might not know it but you could have connected yourself to 2008’s greatest security threat, which we will discuss next.