Google Reports Surge in Spam Using Obfuscated JavaScript

Using data gathered by its Postini email security solution, Google estimates that there was less spam this quarter than during the same period last year. Despite this, the quantity of emails carrying viruses has more than doubled. The company also warns of a surge in email attacks using malicious obfuscated JavaScript.

Google's Postini Anti-Spam Engine (PASE) scans over three billion email messages on a daily basis and keeps the inboxes of 50,000 businesses and 18 million business users clean. Using data gathered by the service, the company releases quarterly statistics and alerts about new developments on the spam landscape.

According to the numbers for Q2 2010, there was a 16% increase in spam traffic compared to the first quarter of this year. However, compared to the same period in 2009, the data actually shows a decrease of 15% in junk mail output.

More noteworthy developments have been recorded on the infected emails front. This type of spam has risen by 3% this quarter and even though this seems like a modest change, it represents a whooping 260% increase compared to Q2 2009.

The high number of email-born viruses is consistent with the findings of other companies for the first half of this year. For example, AppRiver, a provider of email and Web security solutions has recently reported that one in ten spam messages contains malware.

This trend is also reflected in Google's statistics regarding the average spam message size for this quarter, which has increased by 35% compared to Q1. “This points to the fact that spammers are sending more image-based spam, as well as viruses as attachments,” Google's spam researchers note.

The company is also reporting a new method of attack involving spam emails that masquerade as Non Delivery Report (NDR) messages. These messages contain obfuscated JavaScript code, which attempts to direct the victims's browser to malicious websites or silently download malware.

“Fortunately, our spam traps were receiving these messages early, providing our engineers with advanced warning which allowed us to write manual filters and escalate to our anti-virus partners quickly. In addition to this, we updated our Postini Anti-Spam Engine (PASE) to recognize the obfuscated JavaScript and capture the messages based on the underlying code to ensure accuracy,” the Google Postini Services team informs.

You can follow the editor on Twitter @lconstantin