Image spam down; PDF spam up: Symantec
While overall spam activity remained steady in July, the tactics are changing, according to the State of Spam August 2007 report from Internet security firm Symantec.
Overall spam levels at the simple mail transfer protocol (SMTP) layer in July remained consistent, averaging 66 percent of total e-mail. Image spam is on the decline and recorded its lowest percentage of total spam at 8 percent in mid July. At its peak in January, Symantec estimated that image spam accounted for nearly 52 percent of all spam.
"The shift from image spam to PDF spam is a combination of vendors having a lot of filters and image spam not proving as profitable, so spammers are looking for new loopholes for attacks," said Doug Bowers, senior director of anti-abuse engineering at Symantec, Cupertino, CA.
Spammers have shifted their focus to the use of document attachments like PDF files. PDF spam continued to increase and in July accounted for between 2 percent and 8 percent of all spam. Excel and Zip files are increasingly also being used as spam receptacles.
The spam category breakdown was 18 percent financial, 28 percent products, 13 percent health, 6 percent leisure, 17 percent Internet, 9 percent scams and 4 percent fraud.
Greeting-card spam remains a spammer favorite. Always popular among spam content, it was particularly virulent in July with more than 250 million of these spam messages being targeted toward a sample set of customers. The content of these messages included links to everyday greetings and holiday-specific cards, such as the 4th of July.
Each message contained a link to the "greeting card." The link in these cases was an exposed IP address. When clicked, the link delivers a downloader, a program that accesses the Internet and downloads a Trojan onto the computer.
Though almost half of spam comes from North America, 20 percent of spam comes from Asia, and spam containing Chinese top-level domains significantly increased.
The trend of localizing spam attacks to increase the target market continued in July. European casino spam observed by Symantec in April continues with casino spam in Italian, French and German. Italian medication spam was also observed, as were offers for the iPhone in the UK, where it is currently not available.
"The profit motive is to make money and, in these particular regions, these types of spam messages have proven profitable," Bowers added.