Spammer attacks surging in early 2008

Posted by Wolfgang Gruener

Englewood (CO) – Spammers have increased their activities in 2008, adjusted their strategy and are apparently getting more and more spam into email inboxes. Security firm MX Logic found that, unlike in previous years, the amount of spam has not come down since the holidays, indicating that we could see a new surge in spam attacks this year.

MX Logic says that spam volumes typically decrease by about 30% from their Christmas peaks during the first few months of a new year. However, according to the security firm, the trend is different this year, with spam levels holding steady and even rising. This especially applies to phishing emails, which doubled between January and February of this year, and to image spam, which increased by 60% during the same time frame. The company estimated overall spam levels at about 88% as of this morning.

MX Logic mentioned that relatively new strategies such as “social” spam, which includes update notices and phony Google search results, are gaining popularity among spammers, while long-known tactics such as drive-by pharming and master boot record (MBR) rootkit attacks are reemerging.

Among the more concerning trends is Google spam, which attempts to artificially exploit the firm’s "PageRank" system to lift the ranking of a certain site in search results. Once this has been achieved, spam blasts are sent out with crafted URLs that query on these keywords and emulate the Google "I'm Feeling Lucky" button, which automatically redirects users to the query's top-ranking site. MX Logic says that, at this time, this type of spam redirects users to pharmacy sites in most cases, but there is an obvious threat that it could be used to distribute malware via malicious JavaScript, iframes, or even PDF downloads.
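A mail filter can flag the redirect links described above before a user clicks them. The following is an added example, not code from MX Logic or this article; it assumes the links carry Google's `btnI` query parameter (the parameter the "I'm Feeling Lucky" button submits, which the article does not name), and the function name, host pattern and sample message are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Assumption: search hosts look like google.<tld> or google.co(m).<cc>,
# optionally prefixed with "www.". Anchored so look-alike hosts do not match.
GOOGLE_HOST_RE = re.compile(r"^(?:www\.)?google\.(?:[a-z]{2,3}|com?\.[a-z]{2})$")


def lucky_redirects(body):
    """Return (url, search terms) for every link in a message body that asks
    Google to redirect straight to the top result instead of listing results."""
    hits = []
    # HTML mail encodes '&' as '&amp;'; decode first so parameters split cleanly.
    for raw in URL_RE.findall(html.unescape(body)):
        url = raw.rstrip(".,;)>")
        parts = urlsplit(url)
        host = parts.hostname or ""  # urlsplit lowercases the hostname
        if not GOOGLE_HOST_RE.match(host):
            continue
        # keep_blank_values=True keeps a bare "btnI" that has no "=value".
        params = {k.lower(): v for k, v in
                  parse_qs(parts.query, keep_blank_values=True).items()}
        # Parameter names are compared case-insensitively as a conservative choice.
        terms = params.get("q", [""])[0]
        if "btni" in params and terms:
            hits.append((url, terms))
    return hits


# Constructed sample message body (not taken from a real spam run).
SAMPLE = """Cheap meds: http://www.google.com/search?q=constructed+pharma+keywords&btnI=1
HTML part: <a href="http://google.co.uk/search?hl=en&amp;q=example+pills&amp;BTNI">here</a>
Ordinary search: http://www.google.com/search?q=weather
Look-alike host: http://google.com.example.net/search?q=x&btnI=1
"""

if __name__ == "__main__":
    for url, terms in lucky_redirects(SAMPLE):
        print(f"auto-redirect link for query {terms!r}: {url}")
```

A hit is a signal to score or quarantine the message, since the link's real destination is whatever site currently ranks first for the embedded query.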

The security firm also said that MBR rootkits are gaining traction again. Rootkit viruses launch when a computer's BIOS activates its master boot code before the operating system, according to Sam Masiello, director of threat management at MX Logic. Usually rootkits are attached to Windows device drivers. This new rootkit type is difficult to remove, as it remains on the PC even if the operating system is reinstalled. MX Logic recommends that affected users download a Microsoft utility called "fixmbr" to restore the MBR and remove such rootkits.