Spammers love Google Blogspot and Apple MobileMe, according to a new threat intelligence report from MessageLabs. According to MessageLabs, spammers are increasingly using Google Blogspot, Apple MobileMe and social networking sites such as Bebo to spread their wares.
Spammers are becoming big fans of Google Blogspot and Apple MobileMe,
according to a new intelligence report from MessageLabs.
In its October Intelligence Report, the security vendor's analysis showed an
increase in spam blogs on Google Blogspot and a rise in spam sent via fake
MobileMe accounts. To maximize the use of the bogus MobileMe e-mail addresses,
spammers link them with fake accounts created on social networking sites.
MessageLabs puts the blame at the feet of CAPTCHA breaking tools, which are
increasingly finding their way into the hands of spammers.
"With the exploitation of Google Blogspot and MobileMe, we are again seeing
two common spamming practices converge-CAPTCHA breaking techniques and
exploitation of free hosted services," said Mark Sunner, chief security analyst
at MessageLabs, in a statement. "The spammers are now taking it one step
further and experimenting with the capabilities of social networking sites,
like Bebo. As a result, users of social networking sites are receiving more buddy
requests from fake profiles wishing to connect."
The approach works because traditional anti-spam solutions are unable to
differentiate between these requests and genuine ones, the report warns.
"The buddy requests appear genuine as they are from the real social
networking site and consequently their headers are intact and correct,"
according to the report. "Moreover, the e-mail addresses attached to the
profiles are also valid, albeit they have been created fraudulently. Often, the
only visible clues may sometimes be the random arrangement of letters in the
user name portion of the e-mail address."
Apple has posted some
for MobileMe users on dealing with phishing attacks.
Overall, there was actually a 0.4 percent decrease in the ratio of spam to legitimate
e-mails detected for the month, with 1 in every 1.43 e-mails being spam,
according to the report. However, that was counteracted by a 103 percent jump
in the volume of phishing attacks as cyber-crooks looking to take advantage of
the global financial crisis with e-mails about bank mergers and the like.
The report also noted that 4.9 percent of all Web-based malware intercepted
during the month was new, with the vendor identifying an average of 5,424 new
Web sites per day harboring malware.