Spammers are becoming big fans of Google Blogspot and Apple MobileMe, according to a new intelligence report from MessageLabs.
In its October Intelligence Report, the security vendor’s analysis showed an increase in spam blogs on Google Blogspot and a rise in spam sent via fake MobileMe accounts. To maximize the use of the bogus MobileMe e-mail addresses, spammers link them with fake accounts created on social networking sites.
MessageLabs puts the blame at the feet of CAPTCHA breaking tools, which are increasingly finding their way into the hands of spammers.
“With the exploitation of Google Blogspot and MobileMe, we are again seeing two common spamming practices converge-CAPTCHA breaking techniques and exploitation of free hosted services,” said Mark Sunner, chief security analyst at MessageLabs, in a statement. “The spammers are now taking it one step further and experimenting with the capabilities of social networking sites, like Bebo. As a result, users of social networking sites are receiving more buddy requests from fake profiles wishing to connect.”
The approach works because traditional anti-spam solutions are unable to differentiate between these requests and genuine ones, the report warns.
“The buddy requests appear genuine as they are from the real social networking site and consequently their headers are intact and correct,” according to the report. “Moreover, the e-mail addresses attached to the profiles are also valid, albeit they have been created fraudulently. Often, the only visible clues may sometimes be the random arrangement of letters in the user name portion of the e-mail address.”
Apple has posted some advice here for MobileMe users on dealing with phishing attacks.
Overall, there was actually a 0.4 percent decrease in the ratio of spam to legitimate e-mails detected for the month, with 1 in every 1.43 e-mails being spam, according to the report. However, that was counteracted by a 103 percent jump in the volume of phishing attacks as cyber-crooks looking to take advantage of the global financial crisis with e-mails about bank mergers and the like.
The report also noted that 4.9 percent of all Web-based malware intercepted during the month was new, with the vendor identifying an average of 5,424 new Web sites per day harboring malware.