Spammers Target Google Blogspot and Apple MobileMe

Spammers love Google Blogspot and Apple MobileMe, according to a new threat intelligence report from MessageLabs. According to MessageLabs, spammers are increasingly using Google Blogspot, Apple MobileMe and social networking sites such as Bebo to spread their wares.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Spammers are becoming big fans of Google Blogspot and Apple MobileMe, according to a new intelligence report from MessageLabs.

In its October Intelligence Report, the security vendor's analysis showed an increase in spam blogs on Google Blogspot and a rise in spam sent via fake MobileMe accounts. To maximize the use of the bogus MobileMe e-mail addresses, spammers link them with fake accounts created on social networking sites.

MessageLabs puts the blame at the feet of CAPTCHA breaking tools, which are increasingly finding their way into the hands of spammers.

"With the exploitation of Google Blogspot and MobileMe, we are again seeing two common spamming practices converge-CAPTCHA breaking techniques and exploitation of free hosted services," said Mark Sunner, chief security analyst at MessageLabs, in a statement. "The spammers are now taking it one step further and experimenting with the capabilities of social networking sites, like Bebo. As a result, users of social networking sites are receiving more buddy requests from fake profiles wishing to connect."

The approach works because traditional anti-spam solutions are unable to differentiate between these requests and genuine ones, the report warns.

"The buddy requests appear genuine as they are from the real social networking site and consequently their headers are intact and correct," according to the report. "Moreover, the e-mail addresses attached to the profiles are also valid, albeit they have been created fraudulently. Often, the only visible clues may sometimes be the random arrangement of letters in the user name portion of the e-mail address."

Apple has posted some advice here for MobileMe users on dealing with phishing attacks.

Overall, there was actually a 0.4 percent decrease in the ratio of spam to legitimate e-mails detected for the month, with 1 in every 1.43 e-mails being spam, according to the report. However, that was counteracted by a 103 percent jump in the volume of phishing attacks as cyber-crooks looking to take advantage of the global financial crisis with e-mails about bank mergers and the like.

The report also noted that 4.9 percent of all Web-based malware intercepted during the month was new, with the vendor identifying an average of 5,424 new Web sites per day harboring malware.