Spammers Go Old School as Gimmicks Fail

The battle against spam continues, with many of the trends that started in 2007 dying out in favor of older techniques that worked, according to a new report from Symantec Messaging and Web Security.

One new trend, though, has been Europe surpassing the U.S. as the primary source of spam.

For the longest time, it had been botnet-infected computers in the U.S. that pumped out the bulk of offers for mortgages and herbal Viagra, which comprised a staggering 78.5 percent of all e-mail floating around on the Internet according to Symantec.

During the last half of 2007 that changed, however. In August, the U.S. accounted for 46.5 percent of all spam, compared to 30.6 percent for Europe, the Middle East and Africa (EMEA). By January, EMEA produced 44 percent while the U.S. was down to 35.1 percent.

Doug Bowers, Executive Editor in Symantec’s Antispam Engineering group and editor of the report, attributes the change to a two-part condition in Europe: the growth in broadband and a lack of installed security software.

“The more prevalent broadband connections become, then the more potential targets you have to become botnets,” he told InternetNews.com. “We’ve seen the adoption of security software lagging as broadband has exploded in Europe.”

The nature of spam has also changed, particularly when it comes to the use of attachments. Image-based spam started appearing in 2006 but has tapered off, as it have other attachments, like PDF and MP3s, which never really took off en masse.

Bowers has theories on this trend as well.

“I think they gave up [on image-based spam] as filters got better,” he said. “Spammers are smart, they measure their results, they move around to find other holes they can exploit.”

Symantec found that only 8 percent of spam letters now use images, down from 52 percent a year ago.

This decline in the use of graphics has resulted in the average spam letter getting smaller. Now the majority of letters (64 percent) are 2KB to 5KB in size, generally the size of a normal e-mail.

In part, images have become passé because many spammers are going back to the tried-and-true method of sending a link and counting on the recipient to click.

A growing trend has been to embed Google links that trigger a search. When the user clicks on it, they are taken directly to a spammer’s site.

Another growth area in spam has been in scam-based letters. These are different from phishing attacks in that they aren’t looking for banking information; instead, they attempt to get people involved in shady investment, real estate or loan deals.

Perhaps not surprisingly, the news comes the same week as Symantec debuts its Mail Security 8300 Series Virtual Edition, a virtual appliance version of its e-mail filtering appliance for VMware Server and ESX environments.

The Virtual Edition, introduced on Monday, runs on virtualized servers, so administrators can reprovision the resources as needed to add capacity to their infrastructure.

So if a company expands, merges, grows suddenly or is subject to seasonal changes in business, the server can be expanded to provide greater filtering.

“Going virtual means they can spin up virtual machines to meet their needs at a particular frame of time,” Bowers said.