Island Hopping Emerges as Spam Marches On

Researchers are reporting increases in spam volume attributed to botnets, image files and so-called island hopping, a newly emerging delivery technique that preys on far-flung domain names.

The spam epidemic keeps on trucking along, according to researchers, with a seemingly never-ending variety of attacks helping to serve up more unwanted e-mail to users than ever.

Researchers at security software maker McAfee are highlighting a new trend in spam delivery, which the Santa Clara, Calif.-based company has labeled "island hopping," that involves the use of Internet domains from far-off nations to disguise the mass e-mail campaigns.

While spammers have historically used popular domain names such as the .com, .biz or .info tags on their e-mail, McAfee said that an increasing number of people are using domain names of small islands as Web site links in their attacks.

Using the approach, spammers are trying to circumvent anti-spam technologies that have not been set up to block traffic coming from such destinations, the company said.

McAfee said that it first discovered the trend when its security researchers tracked a sizable increase in the use of .st domains, the top-level domain for Sao Tome and Principe, a small island off the west coast of Africa.

Following the trail of evidence left by spammers utilizing the unusual domain, researchers said they were able to follow the activity on a "virtual migration around the globe."

Through its research, the company said it is now seeing heavy amounts of spam emanating from islands including Tokelau, Cocos, Tuvalu and American Samoa, among others.
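As an added illustration (not code from McAfee or from the original article), one way a mail administrator could spot the shift described above is to tally the top-level domains of links in messages already classified as spam and flag those whose share grew sharply against an earlier baseline. The sample messages, function names and thresholds are constructed assumptions; the country-code TLDs are those of the islands named above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)

def link_tlds(body):
    """Return the TLD of every http(s) link in a message body."""
    tlds = []
    for url in URL_RE.findall(body):
        try:
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:          # malformed authority, e.g. bad brackets
            continue
        label = host.rsplit(".", 1)[-1]
        if "." not in host or label.isdigit():
            continue                # skip single-label hosts and bare IPv4
        tlds.append(label)          # hostname is already lower-cased
    return tlds

def tld_shares(bodies):
    """Map each TLD to its fraction of all links seen in the given bodies."""
    counts = Counter(t for b in bodies for t in link_tlds(b))
    total = sum(counts.values())
    return {t: n / total for t, n in counts.items()} if total else {}

def emerging_tlds(baseline, current, min_share=0.05, growth=3.0, floor=0.01):
    """TLDs with at least min_share of current spam links whose share grew
    by `growth` times over the baseline (floor stands in for unseen TLDs)."""
    base, cur = tld_shares(baseline), tld_shares(current)
    return sorted(t for t, s in cur.items()
                  if s >= min_share and s / max(base.get(t, 0.0), floor) >= growth)

# Constructed sample spam bodies (hypothetical domains), not real captures.
BASELINE = [
    "Cheap meds http://pills.example.com/buy now",
    "Refinance at http://loans.example.biz/?id=1",
    "Win big http://casino.example.info/ and http://casino.example.com/",
    "Watches http://replica.example.com/x",
]
CURRENT = [
    "Cheap meds http://pills.example.st/buy now",
    "Refinance at http://loans.example.tk/?id=1",
    "Win big http://casino.example.st/ and http://casino.example.com/",
    "Watches http://replica.example.cc/x or http://192.0.2.10/x",
    "Stock tip http://hot.example.tv/ http://tip.example.st/",
]

if __name__ == "__main__":
    print(emerging_tlds(BASELINE, CURRENT))
```

A flagged TLD is a signal to review filter rules for that namespace, not a block decision by itself, since legitimate sites also register under these country codes.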

"This new trend is another example of spammers' relentless quest to spread their abuse of Internet domains far and wide," said Guy Roberts, senior development manager on McAfee's Anti-Spam Research & Development Team. "Some of these islands have dozens of spammed domains per square mile."


Researchers at New York-based MessageLabs report that they have discovered a significant increase in recent spam-related botnet activities, such as the SpamThru network, with the latest outbreak of the Warezov virus helping to energize those efforts.

MessageLabs said that its testing systems caught more than 1.5 million copies of Warezov, also known as Stration, in just the first 36 hours after the virus was released beginning just after midnight on Oct. 26.

Warezov is a mass-mailing worm that propagates by sending copies of itself as an attachment to e-mail addresses found on an infected system.

Once executed, the threat runs a Windows computer's Notepad application, drops malware files into the machine's Windows folder and attempts to download additional malware programs.

According to MessageLabs, Warezov already has more than 13 different variants, making it harder for anti-virus software makers to keep up with the virus and update their product definitions.

MessageLabs researchers said the effect of Warezov-infected computers on the Internet will be an "explosion" in the number of spam-sending zombie systems operating online, which will only further aggravate the spam problem.

San Jose, Calif.-based Secure Computing reported that its own research operations have tracked a 200 percent increase in the use of image spam, which works to evade anti-spam applications by embedding messages in e-mail-borne image files, rather than using traditional text e-mails.

According to Secure's data, gathered over the last three months, image spam now accounts for 30 percent of all unwanted e-mail, creating new headaches for IT administrators.

"Image-based spam is a particularly difficult problem for a couple of reasons," said Michael Osterman, analyst with Osterman Research, based in Black Diamond, Wash.

"It is much harder to detect with conventional spam-filtering and blocking technologies and further, it is typically much larger than normal text-based spam, consuming much more bandwidth and storage."

In a new effort to help stamp out spam, the StopSpamAlliance industry consortium was announced on Nov. 1.

A joint initiative between a handful of international IT organizations, the group is planning to spearhead anti-spam legislation and enforcement activities, consumer and business education, the creation of industry best practices for stopping spam, and international cooperation for catching spammers.

Among the groups participating in the effort are the APEC (Asia-Pacific Economic Cooperation Telecommunications & Information Working Group), the European Union's CNSA (Contact Network of Spam Authorities), the International Telecommunications Union, the London Action Plan, the Organization for Economic Co-operation and Development and the Seoul-Melbourne Anti-Spam group.
