RealTime IT News

Spam Learns a New Language

Spam has reached its highest level in years, according to the latest MessageLabs Intelligence Report on spam from Symantec. But in some ways, spammers are just getting lazy.

While spam now accounts for as much as 95 percent of all e-mail traffic, many of those spam letters are the same, except that they're now being translated into multiple languages.

Spam levels are at their worst in France, Germany and the Netherlands, where they have topped 95 percent. In the U.S., it's "only" 86 percent. MessageLabs researchers suspected the reason it's become so bad because spammers are using automated translation services and templates to translate their snake oil into multiple languages.

Just three or four years ago, non-English spam represented 1 or 2 percent of the total spam floating around on the wires. More recently, it rose to 6 or 7 percent and that was considered high.

Now, the report found that local language spam now accounts for 46 percent of spam in Germany, 53 percent in France, 25 percent in The Netherlands, 62.3 percent in Japan and 54.7 percent in China.

"Seemingly, spammers are now using templates to engineer this translation 'on-the-fly,'" the report stated. "As the spam messages are being composed, they are able to change company names, domain names and other references as part of the automation process. The language for translation is suspected to be chosen based on the top-level country domain from the email address of the recipient; for example, an address ending in .fr may be translated into French, and .de into German."

Analysis of Web-based malware found that only 0.7 percent of all Web-based malware intercepted in July was new, compared with 58.8 percent in June. So either malware writers don't seem to be rushing to innovate like they used to or the good guys aren't able to find the new stuff.

The MessageLabs report also examined URL shortening services. There's a growing number of these services, made all the more valuable by the popularity of Twitter and its 140 character limits. Because the services, like TinyURL.com or Bit.ly, work through redirects from links to their own site, the user can't see the destination address.

While useful, URL shortening is also becoming a dangerous breeding ground for malicious activity. MessageLabs found that in July, many of these domains began appearing in e-mail spam, accounting for as much as 6.2 percent of all spam in a peak of activity on July 9 -- equivalent to more than 9 billion spam messages per day worldwide.

The Donbot botnet is the worst offender, responsible for sending approximately five billion of those 9 billion spam messages each day. Most recently the spam has related to casino, bingo or gambling spam.

MessageLabs also noted a third lingering problem: spam exploiting the death of Michael Jackson. Since Jackson's death on June 25, a number of malware campaigns hit the Internet and at one point, approximately 1 percent of all spam referenced Michael Jackson.

The fraud continues, with Michael Jackson-based spam pushing malware that's linked to a Trojan. That Trojan installs a keylogger for stealing info for Brazilian banks. Not surprisingly, the spam targeted South America and was written in Portuguese.

The entire MessageLabs report can be viewed here (PDF format).