Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Island Hopping Emerges as Spam Marches On



 By: Matt Hines
2006-11-01
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Researchers are reporting increases in spam volume attributed to botnets, image files and so-called island hopping, a newly emerging delivery technique that preys on far-flung domain names.

The spam epidemic keeps on trucking along, according to researchers, with a seemingly never-ending variety of attacks helping to serve up more unwanted e-mail to users than ever.

Researchers at security software maker McAfee are highlighting a new trend in spam delivery, which the Santa Clara, Calif.-based company has labeled "island hopping," that involves the use of Internet domains from far-off nations to disguise the mass e-mail campaigns.

While spammers have historically used popular domain names such as the .com, .biz or .info tags on their e-mail, McAfee said that an increasing number of people are using domain names of small islands as Web site links in their attacks.

Using the approach, spammers are trying to circumvent anti-spam technologies that have not been set up to block traffic coming from such destinations, the company said.

McAfee said that it first discovered the trend when its security researchers tracked a sizable increase in the use of .st domains, the top-level domain for Sao Tome and Principe, a small island off the west coast of Africa.

Following the trail of evidence left by spammers utilizing the unusual domain, researchers said they were able to follow the activity on a "virtual migration around the globe."

Resource Library:

Through its research, the company said it is now seeing heavy amounts of spam emanating from islands including Tokelau, Cocos, Tuvalu and American Samoa, among others.

"This new trend is another example of spammers relentless quest to spread their abuse of Internet domains far and wide," said Guy Roberts, senior development manager on McAfees Anti-Spam Research & Development Team. "Some of these islands have dozens of spammed domains per square mile."

Click here to read more about proposed technical solutions to spam.

Researchers at New York-based MessageLabs report that they have discovered a significant increase in recent spam-related botnet activities, such as the SpamThru network, with the latest outbreak of the Warezov virus helping to energize those efforts.

MessageLabs said that its testing systems caught more than 1.5 million copies of Warezov, also known as Stration, in just the first 36 hours after the virus was released beginning just after midnight on Oct. 26.

Warezof is a mass-mailing worm that propagates by sending copies of itself as an attachment to e-mail addresses found on an infected system.

Once executed, the threat runs a Windows computers Notepad application and drops malware files into the machines Windows folder and also attempts to download additional malware programs.

According to MessageLabs, Warezov already has more than 13 different variants, making it harder for anti-virus software makers to keep up with the virus and update their product definitions.

MessageLabs researchers said the effect of Warezov-infected computers on the Internet will be an "explosion" in the number of spam-sending zombie systems operating online, which will only further aggravate the spam problem.

San Jose, Calif.-based Secure Computing reported that its own research operations have tracked a 200 percent increase in the use of image spam, which works to evade anti-spam applications by embedding messages in e-mail borne image files, rather than using traditional text e-mails.

According to Secures data, gathered over the last three months, image spam now accounts for 30 percent of all unwanted e-mail, creating new headaches for IT administrators.

"Image-based spam is a particularly difficult problem for a couple of reasons," said Michael Osterman, analyst with Osterman Research, based in Black Diamond, Wash.

"It is much harder to detect with conventional spam-filtering and blocking technologies and further, it is typically much larger than normal text-based spam, consuming much more bandwidth and storage."

In a new effort to help stamp out spam, the StopSpamAlliance industry consortium was announced on Nov. 1.

A joint initiative between a handful of international IT organizations, the group is planning to spearhead anti-spam legislation and enforcement activities, consumer and business education, the creation of industry best practices for stopping spam, and international cooperation for catching spammers.

Among the groups participating in the effort are the APEC (Asia-Pacific Economic Cooperation Telecommunications & Information Working Group), the European Unions CNSA (Contact Network of Spam Authorities), the International Telecommunications Union, the London Action Plan, Organization for Economic Co-operation and Development and the Seoul-Melbourne Anti-Spam group.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Island Hopping Emerges as Spam Marches On
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


xr80VӮc]m![rYST婊PP$$MK;/qؗgLBITϖ˖0Ld&D?{{~$rȥklJ'{>D{{?.P`So92p=z#m)>M3ȩ Gl&J~x'AT{# x55Κ}ٚ#7Gp2 X-$0krZC'AjZ6(CJeX.( Ѧ_ږyL6ՇH;*7܉x8ѽ/DeOG^b&{By85;^7Ww2`Vq|&k`TOm}~DkMmW ؓ ۭ@x!BP#"F\ςwGI%ߦ'u٪b'Ӥbfx\LÑcPpm׃) TQ3C}bݳt#Գ@u|ף&Z# 3Mu֟GBԿ$f…05g?-G`>N8CEnڏU[۾tsgyDff.j.9acm c ЯdRr-2谖þɲnMw3a[]ޡlwǚZ*jUE9.TCxx*^yxx?X>̾Z8ӼN~3j_JY4E9^ϯs$(֝;` mKIu]+h0ӛNs#WOw~@.{Ad}+5UJ`Z. Ǔ$_c::fv}j\"ty[^  k٥zl$YS)2!,"['dni]Z77nZ'7wfٚY jiedX]1 -UY}vY4[ڧ.gw:Pڟ+Hok*}k!-/x_NlrO=.iT%5+2OiuxE$Y-r$:]^Czj ݖUB_ȻH_/Rx3of5 tA[&%90ɄSHu t:99~mE!oU:^T7o`2 &4 g}-w za4ZAu&h)5?&9gMab&DJH7є6)`I˪ TI%嗋mQu3 .)J!"x^3E !\J!]! g|8Jn.b? [&feٜ҅%]WaMoQ#L .uFV$U.[n} 8^%g 5F8 ,heݴ%!8WG5MGR>M׍fz\CU9-|Qnl :2X jX2nҡ>O: &} aO> 5٤6'4}t>჎$>hƋCr[n-rӇ{u4@ݣn]=&tfiXŞ+LPZi`IE 6]LR}>tqHhS0<zw0[[衟#j{t t,/{@`\@8)HpyY?g>o Wk6G~[>l03uJ@i0xz dQJ ds 4.gP)AH = \99 ŊI~ޑvZ*&RP*m=!ԑtܾZ*}-΍gR1eb -d[b~Il eV&vφaZLboD6], S m-mu{6 z`N&syj尤v Q#U^?])d[L9 =p `]?bn;N1%]&^>95Z ->ƈMG {D&f+Lo>L>hQox@6j![{ˀ)4+pPs' >`|=0Xհݙ2|dܣ%=?p*JNCjVzv}~7MAV?kp6+ s&rG|媞5 jx0?3\LdFfkMʚLr畔UIY(hJSլ LyO).EcwBl㜜;F]s;tOj_f]ZЬ{{#Uv/:At ]օVPKo@x dX{K/,è+AJK_ji tsaŰ,Bl6<:iМ^fdTR0i}]u}ZMXTM.r?  }dҶlߪ%M*ǚvX>ڹc3 %P$wSJ$l%K׳wN c=`tu; Nϣ )a!c"4)>F TXfRhjUVL-F*|( +ҵ瓩; Ң{Z^SvԻXa6nZ- V!0\(|pT30`-eO)]&ٰ\R ~j"yd\s˰e0,<<+ځi0A  ~H.Lb4>\Pbr>+ eT)5*IMxm"P/?ˇ%Ŵ谢Ԙy}Rː 0gted- IR-frheU-UjR9_V2:EƟR!prɵ>gw%eXY81f-1?0kE /ÊTU5+i fB1&} ldAX~\U4Uud¹`Qеa⢉!h+4khý235RzVU;OP(;Ђw>k-4fۤ`"+j#Uv~Ie(Q'3Gŵ5 S 1j>Lk}\Saݬ`,B[$ zXÈ hqņZ ZYMf~ q?Nqߎ3XAmšk+sD ü z30Jјlh^.Qm(}g_l6a9L6[JI) `uVDZ)~9HǞ1|]ܩe>tWc24NwoUUAS<:h3$P@hOXM\֮o,sqIe>2Q&B8Jh-[r_A~V0u^Ac#ȫͦG0(j'#O7)~ }$DC9m^RXP]\HmP*jIIz$ :,h2Y+(#t+^}i mD<[ 1wʨXISW">wD<7Ϩ;b}Nb4PG }f q5ivxHn:H墦Ak R;qO;a#ri&Q@Wt@ ɢ\' WeR8p,g$ ,$%,rF<"MMxhc RsɖBx%EDOCVgX&1W+ʬڼ f@48&o/?CjUeqbsE1 7k{J~Zg^c = bE2}{?RXn)hlsՓGx:ȄyuO_w^su[{Q~Z~RYEj_5[:"co:RO50osV(; J@#䆷$bw}\ɾ3z^^7{醿ð ]za孀tzΥsٸy߾_>\tn!crѾjI^zk΃  EKBV<Mx6q)qڎ7M ,#L=\=ֈdS㹑a "AKٺ̂! Qל$"j\N3dn,ʆqјW!9²VXȬE`&|C7$T0r,`$X)XAU:^_4>G:KE9P^S(+RJ)"4FYO |FϚM3_f|3Rt8|Qrw_ZaKѷo9Aߐ>1KwxEdW(kh,UbsZ;D:dNlp j_`ESrg4/E/p]Zinuz{DƖiR'DZ3pu*h hwl)~ڲOCT䵤 g[YUHN~@)b.̔yxh= ($rDaC>?V${ݙ8hcɥp `/awʜW#`Z ?Y ./}v}`>&k?d@T7]X9z}D{O,ikn;;=?PZFĩUrk#䰎NMl3,LjDž̳bt' 쐫N4.zҸ;5LNZ0e,H~"{#|$j~>xFM>xuS棏G 95'y V:7vkm,daSfo$׾v/ݻw~Zؖ[q*A-wK<L>?Fdc: M"I^U֩UdU)IW]YE㣑)?8boZ`@L6CGfKg=#tzooo=إG֛%<C?z'kLw.z@z@qSx{Zg%QJW=(q @kjiAr\"~^YZ䑽DHڃ} FuUF6m>9-3'K-x<79wB#EVާA#_'`65hfV،̓uYS />,0eRK˝Q^'\/_zca=r2C~=T~K\+OõNI)?KۂK_4׷ͱ/O>0 zc帡rYp>XuQ4d]('N+%<=$KU#Ѹb0dH8a|zx/K/\&dڵ>^Bas q,\W&"r<u\wgqdqN HGʂa̱<5O9z4 P|gIL{?NY0^ ?3`k`':|>H=w~<[g4e7pk>M dkN%rųꑘT()aVi1ϭ֙vVz[If*qHMl+n`ēv&%KR$]q!qa/.+q=OnA$]`vSg==K֣5ϏtJaphQ4-OB5`eݦ^зSg,V\$%z\xg^fAy-@E Ofd'AbO@<ݩJ!"Iqy#H?a[PQ1T="L~v}ʔS;'<݅Eе,P?GēW+ Q >o;%)/XZ ɶ%@˅ aҀA"NyB45wbCd%ukR|@,XRz/tK=Mw$PP '"  au1;S D~}TeҳYILLu[3@KԹ^lqvַsT9z6XfH+gLUbu9e281e@Xq$ H ̶,VyvfcDX0d$`=.m`Fu1Mj)w%&E;oERIY;ͰSﮝ1j]|]|]|]|W-]|z~O_+fَ cl{*u0ncv@Ե9ȷ`x@@$ Id 5`@mjmΗ VNOnnKXpT =. ׺ 1IP5.zRu oH8\,$l&0w^?C>#9#wֳR³t&H"#[buH_CmقZFda*^tKm~2rr'Ex$n\Oqsym`ׯ~^!m熸%?K<R%RuKNKaU h˙r V|`0I N%0sjA>6%_Zv9f\: LEY `ԟS981'QSLREYհ- ׯS_JYn[2y-"3`*s٭+,&VjR +[(05D`ihTZP;9Hzywwwwv=+Wz| @gK@;vg)!Ť ږI16&#mFn6ٖ!}cv8nc}Z/>A@h_x9;|V{z9A>`ƨ[7 8Sw6Hg3ۖ!<~ūV૘`>|1ތf}co CAW]X"|D5֏2B x(0 dM4Ghok}ۚ/,9,3z0` H$3t^rw0X"S&CI3$ G' lp}ۚ/3,F_ iKxa-tl٦r2zh <n ׀PLVy1B4zaOy[7{}']i+]cwCt"y}H~ ^UחM3Yǥw;//wxty/;rWW=|Ő'%?[޶-mP)Swrk")^e`B/|˕[3s&0c^",l߼ ۩})ʹmcl(M#*ۀږձE(#U_~Uֿe=:qR&Y8 eeX*u ݒc~uP2oH3@84kI/NI$8&weQqD3O s$Xz"9I,GKOu+פ |:ȄϠ 8eQΏ|Ҟ_VBģŹe^̲m/'I4b'rĕX,hILÑBuų Ta/Dxn~S}6;1BDz"t@9Ъ esը7>kE_A-Ĵjgϡ6 ?S{6UQiH:-FY^}X}V !^tEw'y{Ld8eٵD)2; (opwb䭼dUd??~܋!?YtNp^x I)LE|-A$㷈uDCঀ_V~x U;@k= f'aY13ʉmOG \xMEqmc 8B4o7.@,vĉae#)ȁ;]ĆWc3kxDYF,i.2EKe9L(1v%1h}PR #=%1 {c8|gs0T5Śx K5Zr59"G@Ÿ Rxc) +hx#B,cm/-Iyp\oK 6qN"F dr;B.]sI o*ʡZr^:XuZ.˘x<V@THk̘xWm4vlNz ytJu݊|*Z!ѤF -F55R9}fZӚbfƆX50VzZ3vX5Vڹ q yK-y -J4sc56غsmyrjy]E8a<<ߦ#q[P{JzAƞ}lMᗚkgKpʭBף6:}H:MD0U 2ki9uyӓGV5U*5Y\cOMQF#{i"BO .kXGl7̋1K%XStϞN,֐cnv er}TK;TI`o3(O*q'%l9c;ZV]Ml0jS5AH+{wi/1~J+kNdAI' vl"톮kmnBfϋT[B}Fsoy3<?bu{ι0vaeY ƋxfVؖTm}qV.NS)q:ɹ莥# ԰t|G*%_[Gx9ʇ1f=M7TQLm5rBʇیh%=QS=.<OcBLW<00t+P̲jNT]֏pY_E_dqmm,"tBG`߄w[8 :{rPZ-Fd>pXHґu o`<$z̥7d?= N8}_ǃ"Ba=X *>IoHl H]U# `x#J(zh_mnaQ-d7:}GD” Bq0~ 'bJU(IhRW|W |+R0cU-%+ߺ#SwV7Xkz+i+ j9Iˑ!;^)%: &O=lFLqq}}unHݴZ{zӾ;WuѹţK֊_ԝNiYu}Ӿ?B\͌r_;i_eC?t3?C">vˌ/3Y\f2?/?/3e*OP)3(ˌr߫ʐ+@;dN~kx:  7_/z/1>ArS~~2w Y{ f wɹN2!(odYNOoT8'\$_JeYW@a uuQ~@yJ2,c3\. f{9;[?[_קfr]!,.5PUZk3/YY׵cn%:@b}a/! c|U$X2M*u#(48%Y}MNJ 4tk 7b[yDYAI{R}tEOI>t𞫫i@Lw<-cENj).~QJxdB$h{U26#{":Ǩ*oND1KAF0wݣ,O ;HߪexĻϏeݞ܃8}n}7}zn_x` ~iMnڧ.l\Dpqk;ُϋGkwՕ ~3/߆zH'<+?}4(bi3Q*ˉ5ýEYR780׀zW37_}e\7㌠6Ǜv3{x5CZ7Wu}=tfZ}yPS$dȪ9(H+"7<R9)ŁS ;#kƘ=WCդz mLH7r7l cHj$7 rQӊj~JR' b_0&T$`vXrF(RB4|[W)u 8tSs艓<+Lа-h=J^?&GG^85j^ŗ1 {7/ ^"ev3:c(2ǂ)"Ra a@ŕ^*u10z6`%QHԣ^o16>&m\͠mCo^0Ɩ,ڵ"o,NwPs@OL"e?TMqgq%B4{Po.@cmd߻G"-Sx uqpaFE1`˙BOsE܉OE$VwS'4.&m`5 p01yWv%$<}t 1-XhkоxAqL[HNl7c@J`Xk/JV7B3Ff˩KsuJ]Xvg {PcxX8 7tgG=םP񿫺why-gҰs5 D 9bY> 9K:FƋl/&o.;Lm> 2#0G MĮ+fAjrf_톝)ˎlt> Oa"q0q?I+_{l x$QhϡI'kR `wO]2PNYY`_GFb#+M{Vk*q>w iցkuhB/]~` 7VX#e i_3QNǮ'}M=n~Pւ!نIrf;W^{ #D3dưz< RƠ)e h }@<`ȲsLALH\=mz^DltΖb/IN1^R¬s]qw5tK-gX|@ăHz!$[Wp|"ϷeքzLU"z̴៶;Dl3%Yz'Oޒێ־( ;FaiЄΧap穎mlU|JA1^Ku #A]=_v{[>/'`uOW]Q糺aJ׼t{%!Ү\)Vbʥ.Sܟ=Ba҅fHEk,^zeXѽ&gP9N]]Tjã ,Wd<ԭ<P0_C^&?c5Vqٮ7G,cݰKQaW:6n uywXL\7﹨]eCFP1]ov$ѿ9V0|6,lp/>&燸[0tcN﮳zg[8KIJ y2 !NZxyU~ҥ^.I,'acQd+8*)ؐrk`LbOP1,sTv7=M`N*)Asa#El ;Ap^7׮msS<"Y4.tRM_ x.C%ӫrul#^"|fa*H3By,O>A@`V\3zf7tZS5gzB<]S)j1Bi6aٍ1:`=`Z>^]x 0gWPR X*-f1%D88)ҡCCԞBJ>eSa7@n0\|d[\Kڅtc\j9/bYT~>1r*r* _xD4;NbŠ bR<'\B/1,L% nEkn `!gtָl_|>!L*`'hVXvQJ}g֌V&|Z2c N_ 3AM)