Cloudmark CTO Jamie de Guerre continues his response to the question of what has changed in the battle against spam in the last year, discussing free content-hosting services, compromised accounts at Webmail providers and new-media spam.
More from Jamie de Guerre, CTO of Cloudmark. Today’s column is a continuation of his response to the question of what has changed in the battle against spam in the last year. All of the text below is de Guerre’s own material with minor edits.
Slideshow: Famous last words about spam
* * *
In 2008 spammers increasingly used free content-hosting services as the call to action in their spam e-mail. Again, spammers know that one way antispam vendors block messages is based on the call-to-action URL or domain in the message, so using many pages hosted by a major free provider enables spammers to have different URLs in each message and a domain name that can’t be blocked.
There are several places spammers can go to host their site content: Google (blogspot, googlepages, etc.), Microsoft (live spaces, live), Yahoo (geocities), social networks (Facebook, MySpace), blogs, and basically anywhere that user-generated content is allowed. This practice became increasingly popular in 2008 and I expect we will continue to see it increase in 2009.
Plus, in 2008 we saw a significant increase in spam sent from accounts created or compromised at free Webmail providers. Another way that antispam companies block spam messages is based on the source IP that the messages come from. If the messages come from a major free Webmail provider such as Gmail, Yahoo, Hotmail or AOL then the anti-spam software cannot block it based on its source.
Spammers capitalize on that by creating accounts or gaining access to existing accounts on these large Webmail services as well as on Webmail services provided by telecom and cable operators. Spammers have figured out how to script the Webmail interfaces to send out their messages and create “family” accounts when using a service that allows multiple accounts. This is clearly an advanced technique, but I expect we’ll continue to see this increase as spammers attempt to find new ways to send messages that escape IP based blocks.
Finally, in 2008 the amount of spam targeting new media other than e-mail grew. Social networks such as Facebook and MySpace were major targets for spam and phishing campaigns, using new techniques that don’t involve e-mail but instead use features that the sites themselves provide to propagate content between users.
Many of these attacks have become quite advanced; for example, in one form of attack spammers create accounts on a major social network site, gather a large number of friends and then change their profile to include a link to a site selling their wares. This type of attack changes the spam vector from a push technique, where they are sending out the message with the advertisement, to more of a pull technique, where they’re attracting friends to their page to come see the ad. Defending social networks against spam introduces many additional challenges, as there are improved communication vectors available and more information exposed.
I expect that in 2009 we’ll see spammers' efforts targeted to new media continue to rise, not only targeting social networks but also other media. Personally, I expect to see a rise in mobile spam in 2009 as well, with Short Message System (SMS) spam and phishing messages growing in popularity.
Jamie de Guerre finishes in the next and final part of this series with a discussion of new antispam technologies.
* * *
Jamie de Guerre started as a core member of the design team writing the first design specifications for Cloudmark Server Edition and multiple versions of Cloudmark Authority. As CTO, Jamie is responsible for Cloudmark’s technical strategy and roadmap. Additionally, Jamie manages Cloudmark’s Technology Services, Sales Engineering, Product Management, and ISP Support teams, ensuring a tight bridge between customers and internal technical development. You may write to him with your comments.