Spam to take on deadlier avatar in 2010
January 5, 2010Between September and October, more than two per cent of spam emails had an attached malware -- a nine-fold increase.
While 2009 has been a significant year for spammers, 2010 is going to take a turn for the worse. More spam from more sources and bearing more dangers will land in our inboxes.
Today, spammers are not just peddling products, they are also executing scams and convincing users to download malware.
Last year had its fair share: Valentine's Day, H1N1 Flu, the crash of Air France Flight 447, Serena Williams, the deaths of Michael Jackson and Patrick Swayze all were exploited by cyber criminals. In fact, spammers struck closer home by actively leveraging festivals such as Diwali. With the Fifa soccer world cup and the Commonwealth Games, 2010 is likely to be a year of record, with spammers possibly marking their calendar of crime.
While few consider spamming a criminal activity, the financial benefits associated with are surpassing drug trafficking, according to some asessements. The underground mafia is raking in the moolah, selling unauthorised email lists to less-than-legitimate marketers and significantly more dangerous online thieves.
As cybercrime becomes a well-paying option for some, users will bear the brunt of unwanted wares in their inboxes. However, while spam levels have been growing at an average of 15% since 2007, this level of growth may not sustain in the years to come.
Instead of the rise in numbers that we've been witnessing, 2010 will be a landmark year in terms of ingenuity of attacks, as spammers continue to adapt to the sophistication of security software, the intervention of responsible ISPs and government agencies across the globe. Emerging internet hubs such as India, where broadband connectivity is growing leaps and bounds, will also emerge as an attractive target for spammers.
It will also herald the rise of non-English spam. As broadband connection penetration continues, particularly in developing economies, spam in nonEnglish speaking countries will increase. For example, in some parts of Europe, Symantec estimates the levels of localized spam will exceed 50 percent of all spam.
Even as awareness about email spam and the effectiveness of spam filters and Captcha technologies continue to grow, cyber criminals are also discovering alternative mediums to increase their reach. If image spam was a recurring theme in 2009, instant messaging spam will be a highlight of the spammers in 2010. Instant messaging services are an ideal vector for spammers. These ubiquitous applications used for a variety of reasons by practically every internet user will be exploited to deliver not only unsolicited messages, but also malicious links aimed at compromising legitimate accounts.
By the end of 2010, one in 300 IM messages will contain a URL. Also, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware. In mid 2009, that level was 1 in 78 hyperlinks.
Another popular internet tool, the social networking site, is also rapidly rising on the spammers' list of favourites. In 2009, we had witnessed instances of compromised accounts on widely used social networking sites being hijacked to deliver spam, malware and a plethora of threats, to all the "Friends" on the users' list.
However, the coming year will redefine the sophistication and sheer number of these attacks.
Social networking sites are growing to be a potential gold mine for cyber criminals, thanks to the wealth of private information and high levels of trust among users. When an unsolicited message is received from a friend, even users who are aware of cyber threats will tend to open and act on these messages.
The internet today is undisputedly a more dangerous place. The launch of 3G in 2010 will open up a vast new avenue for cyber criminals, who will undoubtedly exploit the rising mobile penetration in India 12 million users per month, on average to deliver spam and malware for the mobile phone.
Author: Shantanu Ghosh, vice president, India product operations, at Symantec