From the Security Experts

March 31, 2009

Google Interview: Spammers Are Leveraging Recession

By SIP Trunking Report Editor

Spam is on the rise, officials with the Internet’s search and ad leader told TMCnet during an interview today, and the cyber-criminals behind it are developing more sophisticated attacks, partly in response to the shut-down of a California-based Web hosting service provider that carried massive amounts of malware and botnet traffic.

According to Adam Swidler, a product marketing manager at Google Inc., spammers have become more media-savvy and are using “newsy” hooks – such as an economic recession that’s fueled record unemployment levels – to get computer users to click on infected items, add a machine to a botnet and introduce malware.
“The big thing is that spammers are taking advantage of the economic situation and the kind of stress that people are feeling every day,” Swidler told TMCnet. “They’re developing content that’s related to preying upon that insecurity and people’s uncertainty, whether it’s refinancing a house, improving a resume or continuing education. In general, what we’ve seen from spammers is the ability to take advantage of what is going on.”
Swidler’s comments come as his colleague at Google – Amanda Kleha of the Mountain View, California-based company’s security and archiving team – posts here about rising spam trends.
Specifically, the Postini, Inc. (a Google subsidiary) team says, spammers have rallied since the late-2008 takedown of McColo – the San Jose, California-based company which two upstream providers shut down because of the malicious traffic coming from McColo servers.

“Spammers have clearly rallied following the McColo takedown, and overall spam volume growth during Q1 2009 was the strongest it’s been since early 2008, increasing an average of 1.2 percent per day,” Kleha writes. “To put that number into context, the growth rate of spam volume in Q1 2008 was approximately 1 percent per day – which, at the time, was a record high.”
It’s a timely topic. As TMCnet reported today, many security experts are trying to quell fears that the so-called “Conficker” worm is poised for a massive April Fools’ Day attack tomorrow.
Conficker surfaced in October and it targets the Microsoft Windows operating system – not Macs. The worm, which exploits vulnerabilities in the Windows Server, has been difficult for network operators and law enforcement to counter because it uses several advanced malware techniques.
Swidler told TMCnet that although there’s something in the worm (its most recent variant is called “W32.Downadup.C”) that refers to April 1, there’s no hard data to predict what will happen tomorrow, one way or another.
Even so, the cyber-crime market is fertile. Just this week, federal officials warned in a new report that Web fraud reported to U.S. authorities increased by 33 percent last year.
According to the so-called “Internet Crime Complaint Center,” or “IC3” – a joint agency of the Federal Bureau of Investigation and the National White Collar Crime Center – that trend marks the first rise in three years, and is surging this year as the recession deepens.
One official behind the report, John Kane, reportedly told journalists that “2009 is shaping up to be a very busy year in terms of cyber-crime.”
Specifically, of 275,284 complaints received in 2008 by IC3, about 72,940 were referred to U.S. law enforcement agencies for prosecution.
“It is our belief that these numbers, both the complaints filed and the dollars, represent just a small tip of the iceberg,” Kane, managing director of the National White Collar Crime Center in Richmond, Virginia.
According to Kleha, the most significant development for spammers appears to the emergence of “location-based” attacks, which find out where an individual users is based – using source IP information – and then directs that user to a fake news headline that may describe a crisis or disaster in a nearby city.
Here’s a look at Google’s daily quarantined spam for user over the past few months:
Officials at Google’s Postini-powered security and archiving services have vast experience in the field, as they view and eradicate spam from more than 3 billion enterprise e-mail connections every day, including 50,000 businesses and 15 million business users.
Swidler told TMCnet that, primarily, what drives spammers are numbers. The cyber-criminals seek to cast their nets as wide as they can, Swidler said.
“In order to make a reasonable return that keeps them in business, spam has to get through a number of defenses out there,” he said. “The more you produce, the more that actually get through. That’s ultimately what is going on.”
The big message for computer users is to be vigilant in terms of both actions and defenses, according to Swidler. Business, especially, should look for cloud-based solutions – Google’s is among the best – to keep spammers at bay.
“Businesses, particularly those running their own e-mail servers, should make sure their systems are updated,” he said.

Don’t forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.

Michael Dinan is a contributing editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To read more of Michael's articles, please visit his columnist page.

Edited by Michael Dinan