Attacks aimed at lightly protected instant messaging systems and spam that replaces text with images in an effort to dupe filtering software are growing in popularity, according to new research released by Postini.
As indicated in Postinis Message Security and Management Update for June, hackers and spammers continue to become more sophisticated in response to more widespread use of IT security applications. Hackers are moving beyond e-mail-borne viruses in favor of IM and Web site attacks, and spammers are using any way they can find to avoid network and endpoint message scanning tools as part of their evolution, researchers said.
In June, Postini said it intercepted a wave of new IM-based malware attacks, including Worm.pic-myspace-info, a worm virus that attempts to lure victims to a malicious Web site where the worm installs itself on an end users PC. The attack then infects a victims IM client software and replicates itself as an IM to all of the victims “buddy list” contacts.
Another high-profile IM threat involved the Secunia/Yahoo.dos.vuln virus, which was aimed at users of Yahoo Messenger and attempted to launch DoS (denial-of-service) attacks on infected machines and crash other users IM clients by assailing them with large volumes of messages.
San Carlos, Calif.-based Postini said it blocked more than 26 million e-mail-oriented viruses in June, representing a 4 percent decrease compared with May, and continuing a decrease in the sheer number of those types of attacks. The drop-off in e-mail threats is directly attributable to malware writers shift toward attacking other, more vulnerable systems, including IM.
The top five viruses Postini tracked during June were Netsky, Mytob, Mime, Bagle and Mydoom, in that order. The company said its filters intercepted nearly 4.5 million individual Netsky attacks, 3.6 million instances of Mytob, 2.6 million examples of Mime, 2.5 million versions of Bagle and 1.4 million Mydoom threats.
As anti-spam tools that use content filters to weed out unsolicited e-mails proliferate, those people responsible for creating the messages continue to increasingly adopt image spam. By sending e-mails that contain no text, only pictures, scammers have found that they can evade many security systems, Postini said. The messages often include image files that have a screen shot offering the same types of information advertised in more traditional text-based spam.
Among the most popular image spam campaigns in June were those that centered on themes related to the World Cup and messages containing pornographic images. After declining steadily throughout 2005, from about 12 percent of all spam down to about 5 percent, the use of image spam jumped dramatically in December 2005, to 25 percent of all nuisance mail.
“Hackers and spammers are logically shifting their attacks away from secured systems, and aiming at unsecured ones as it is now very difficult to get a virus or worm past modern e-mail protection systems,” said Andrew Lochart, senior director of marketing at Postini. “While most anti-spam products do a good job against run-of-the-mill text-based spam, many fail totally when presented with no text to analyze, thus the rapid rise in the use of image spam.”