October 15, 2008
Spammers Attempt to Camouflage Reputation Says Commtouch Trend Report
New camouflage tactics spammers use to cloak their bad reputations enable malware and unwanted messages to infiltrate inboxes, according to a new report by Commtouch(R) (Nasdaq:CTCH).
Commtouch's third quarter 2008 Email Threats Trend Report, released today, is based on the automated analysis of billions of email messages weekly.Highlights of the report include:
-- Spam levels throughout the third quarter averaged 77%, as in the previous quarter, ranging from a low of 61% to a peak of 94% of all email
-- Legitimate sites and senders were used by spammers to cloak their illicit activity, including sites like Microsoft's Live.com
-- Over half of zombies/bots change their IP address daily
-- Germany has the fastest rate of zombie IP address turnover, at approximately 79% per day; China is a close second at 78% turnover per day
-- Malware masqueraded as legitimate newsletters such as CNN Daily Top 10 or IE7 Browser updates
-- New spam tactics during the quarter included: links to Flash (.swf) files, ASCII art spam, and hidden Bayesian poisoning text combined with HTML tricks
"Internet Service Providers and enterprises are implementing a broad range of filtering tactics, including filtering based on sender reputation, which in turn impact how spammers and malware distributors can reach their goal of penetrating inboxes," said Amir Lev, chief technology officer of Commtouch. "The growing trend is for spammers to adopt the good reputation built up by other sites and senders in order to bypass reputation-based email filters. They accomplish this in a number of ways, including stealing legitimate email senders' credentials, or compromising email account enrollment processes and automatically registering thousands of free email accounts. This puts ISPs in the uncomfortable position of becoming the source of outbound spam rather than just trying to protect their subscribers from receiving spam."
Commtouch Recurrent Pattern Detection(TM) and GlobalView(TM) technologies identify and blocks email threats, including increasingly malicious malware and phishing outbreaks. Commtouch messaging security technologies were recently awarded the 2008 European Messaging Security Technology Innovation of the Year Award by analyst firm Frost & Sullivan.
More details, including samples of spam and malware messages, are available in the Commtouch Q3 2008 Email Threats Trend Report, available from Commtouch Labs at: http://www.commtouch.com/documents/Commtouch_Q308_Email_Trends.pdf.
NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering at the ISP level.
Commtouch Software Ltd. (NASDAQ:CTCH) is the source of proven messaging and web security technology for scores of security companies and service providers, founded on a unique datacenter-based approach. Commtouch's expertise in building efficient, massive-scale security services has resulted in its patented technology being used to mitigate Internet threats for thousands of organizations and hundreds and millions of users in over 100 countries. Commtouch's Data Centers automatically analyze billions of transactions in real-time to identify new spam, malware and zombie outbreaks as they are initiated. Commtouch's unmatched suite of security offerings - anti-spam, virus detection, reputation and zombie intelligence services - work together in a comprehensive feedback loop. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary in Sunnyvale, Calif. For more information and real-time statistics and trends, see: http://www.commtouch.com and the Commtouch Cafe blog at: http://blog.commtouch.com/cafe.
Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch.