Corporate Spam Levels Hit 90% In May
Spammers operate on a US work schedule, according to MessageLabs’ May spam report (PDF), either because the most active spammers—the workaholic-type spammers—are more likely to be operating in the US. But affluence among American workers, and their affinities for social networking and webmail also make them attractive targets.
This attractive workforce is increasingly making use of webmail and popular social networks. Webmail is arguably less secure than work-provided email or ISP-provided email. But also, as Hotmail, Gmail, and free services like them become more widespread, spam filters are less likely to flag addresses as known spam addresses. Universal access also makes them hacker targets—a simple dictionary attack is often all that is needed to crack an account.
Social network spoof emails have become a popular means of getting into email boxes. Emails appearing to be from Facebook, for example, are often trusted automatically by filters and recipients alike. Thinking the messages are from friends on social networks, targets often follow embedded links to spam sites.
Over 90 percent of corporate email is spam, according to MessageLabs, reflecting a five percent increase over April. Security researchers also peg CAPTCHA-breaking bots as a chief catalysts for the recent spike.
Such a spike in May could also have to do with expected new CAPTCHA technology Google has now released. Bots became adept at breaking text-based CAPTCHAs, but the new form requires human interpretation of images. Spammers may have upped the spam output in anticipation of more difficult to crack CAPTCHA.
Most of the spam, nearly 58 percent, was sent by known spambots around the world. Donbot wins the label of most active spambot, responsible for 18.2 percent all by itself, followed Rustock and Bable, accounting for 20 percent together, and botnets Cutwail and Xarvester, which sent out 10 percent combined.