Higher Email Threat Volumes, Greater Cybercrime Profits

Nymphadora's picture

Data collected by SonicWALL, Inc. from its SMARTLABS network of over one million email users showed increased convergence in the 2006 malware ecosystem, with combinations of spam, phishing, viruses and DHA attacks delivering new levels of profitability for online fraudsters.

During the year, SonicWALL recorded twice as many directory harvest attacks (DHA) as all spam attempts, which rose to two and a half times their 2005 levels, together with greater and more ingenious levels of phishing attacks, and a sharp increase in 'stealth' virus attempts.

"The overriding goal of spam today is profit, and an increasing amount of spam is intended to enable theft on a grand scale," said Gleb Budman, senior director of Email Security at SonicWALL. "Online theft has become more sophisticated, more 'stealthy' and more universal: rather than targeting large organizations, scammers are making substantial profits by focusing on individuals." 2006 profits from phishing scams rose fourfold, from $257 to $1244 per victim according to a November '06 report by Gartner Group.

SonicWALL's findings indicate that directory harvest attacks, or messages sent to non-existent company email addresses, rose by 505.6%. "This is one way in which phishers collect more email addresses for their scams," Budman added. "We've seen an increase of 64% in the numbers of definite phishing emails, and our data shows that not only are phishing attempts becoming more ingenious, but that phishers are sending more messages for each attempt."

While the number of 'nuisance' viruses declined, SonicWALL recorded an increase in attempts featuring spyware and keystroke loggers designed to steal sensitive personal information, and a rise in distribution of the stealth viruses intended to hijack computers for use as spam servers. "Only a few hundred systems are needed to form a 'botnet' capable of sending hundreds of millions of spam messages," said Budman. "The zombie machines operate in quick bursts, then go silent, enabling the infection to remain unnoticed for longer periods of time. This is a key contributor to the spike in spam volumes."

Image spam, which attempts to bypass mail filters by using graphics rather than text, rose nearly 500% in 2006 and 'pump and dump' penny stock hype scams rose by approximately 400% in the same period, according to SonicWALL figures. SonicWALL data also shows that irrelevant or unwanted emails remain a major annoyance to email users: the volume of emails disallowed by individuals according to personal preference grew by 230% in 2006. The top ten institutions whose names were spoofed by spammers were banks, according to SonicWALL.

"Overall, we've seen a growth of 274% in unwanted email during the year, almost half of which is spam, but there are many ways of halting the flood," said Budman. "One of the easiest is to check that your email filter is properly configured. Companies sometimes have their own domain on their list of allowed mail, which creates an open door for spammers. Stacking multiple different email systems typically catches only a few extra spam attempts, but will double the amount of good mail mistakenly caught, thereby increasing the complexity of management."

In the fight against spam, SonicWALL technologies include: SonicWALL Email Security, using a combination of technologies to fight spam, phishing, virus, DHA, DoS and other attacks; SonicWALL Content Filtering solution using unique Adversarial Bayesian technology identifies and blocks spammers' attempts at trickery based on content analysis. SonicWALL Reputation, a hierarchical reputation system that goes beyond IP address reputation, provides reputation matching on domains, senders, messages, and message components - SonicWALL.

Add new comment